03/23/2022

President Biden Warns Private Businesses of Potential Cyberattacks from Russia

President Biden asked private businesses to invest in the “technological capacity to deal with cyberattacks,” as he warned of potential cyberattacks. Learn what cybersecurity steps the Administration suggests companies take.
Jamie Grill-Goodman
Senior Editor

President Joe Biden warned private businesses of potential cyberattacks from Russia in response to economic sanctions the U.S. has imposed, asking businesses to invest in the “technological capacity to deal with cyberattacks.”

In remarks before Business Roundtable’s CEO quarterly meeting, President Biden said that the Biden-Harris Administration has issued a renewed warning that Russia may be planning a cyberattack against America. He noted “the magnitude of Russia’s cyber capacity is fairly consequential, and it’s coming.”

The President said that while the federal government is “doing its part to get ready,” the private sector “largely decides the protections that we will or will not take in order to protect your sources.” He continued, “we’re prepared to help you with any tools and expertise we possess if you’re ready to do that.  But it’s your decision as to the steps you’ll take and your responsibility to take them, not ours.”

The Administration has warned repeatedly about the potential for Russia to engage in malicious cyber activity against the United States in response to the unprecedented economic sanctions we have imposed, it said in a press release. There is now evolving intelligence that Russia may be exploring options for potential cyberattacks.

The President has launched public-private action plans to shore up the cybersecurity of the electricity, pipeline, and water sectors and has directed Departments and Agencies to use all existing government authorities to mandate new cybersecurity and network defense measures. The U.S. Government said it will continue its efforts to provide resources and tools to the private sector, including via CISA’s Shields-Up campaign, and will defend the Nation and respond to cyberattacks, but noted that much of the Nation’s critical infrastructure “is owned and operated by the private sector and the private sector must act to protect the critical services on which all Americans rely.”

The Administration urged companies to execute the following steps with urgency:

  • Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system;
  • Deploy modern security tools on your computers and devices to continuously look for and mitigate threats;
  • Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors;
  • Back up your data and ensure you have offline backups beyond the reach of malicious actors;
  • Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
  • Encrypt your data so it cannot be used if it is stolen;
  • Educate your employees to common tactics that attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly; and
  • Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents. Please encourage your IT and Security leadership to visit the websites of CISA and the FBI for resources.

The administration also provided tips for technology and software companies to bolster America’s cybersecurity over the long term:

  • Build security into your products from the ground up — “bake it in, don’t bolt it on” — to protect both your intellectual property and your customers’ privacy.
  • Develop software only on a system that is highly secure and accessible only to those actually working on a particular project. This will make it much harder for an intruder to jump from system to system and compromise a product or steal your intellectual property.
  • Use modern tools to check for known and potential vulnerabilities. Developers can fix most software vulnerabilities — if they know about them. There are automated tools that can review code and find most coding errors before software ships, and before a malicious actor takes advantage of them.
  • Software developers are responsible for all code used in their products, including open source code. Most software is built using many different components and libraries, much of which is open source. Make sure developers know the provenance (i.e., origin) of components they are using and have a “software bill of materials” in case one of those components is later found to have a vulnerability so you can rapidly correct it.
  • Implement the security practices mandated in the President’s Executive Order, Improving our Nation’s Cybersecurity.