Biden issues stark warning of Russian cyberattacks on US

22 Mar 2022

Joe Biden at the 2019 Iowa Federation of Labor Convention. Image: Gage Skidmore/Flickr (CC BY-SA 2.0)

Calling it ‘part of Russia’s playbook’, Biden urged private US companies to heighten security measures to prevent cyberattacks.

US president Joe Biden has warned companies operating in the country to bolster their cybersecurity efforts as “evolving intelligence” suggests that Russia is planning cyberattacks on the US.

In a statement issued yesterday (21 March), Biden said that his administration has compelling reason to believe the Russian government is planning to use cyberattacks against US critical infrastructure in response to harsh economic sanctions issued by the US in coordination with other nations.

This is not the first time recently an alarm has been raised in the US of potential Russian cyberattacks.

In a joint advisory last week, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warned organisations to be on alert and bolster their multi-factor authentication security after revealing details of how state-sponsored hackers in Russia were able to gain access to an unnamed NGO’s network.

Earlier in the month, three US cybersecurity companies – Cloudflare, CrowdStrike and Ping Identity – joined hands to offer many of their products and services to US critical infrastructure organisations for free, in anticipation of potential cyberattacks emanating from Moscow.

‘Can’t defend against this threat alone’

The latest warning from Biden urges private companies, which play a key role in US critical infrastructure, to work in tandem with the government to fortify security and prevent any large-scale damage to the lives and livelihoods of US citizens.

“My administration will continue to use every tool to deter, disrupt and, if necessary, respond to cyberattacks against critical infrastructure. But the federal government can’t defend against this threat alone,” Biden said, calling malicious cyber activity “part of Russia’s playbook”.

The US government has recommended several urgent steps for private companies to take, including mandating the use of multi-factor authentication, deploying modern security tools, ensuring systems are patched against known vulnerabilities, backing up and encrypting all data, and engaging with the FBI and CISA.

A long-term approach of “bake it in, don’t bolt it on” has also been recommended to companies to build their cybersecurity from the ground up, to protect both intellectual property and customer privacy.

While Ukraine has borne the brunt of cyberattacks from Russia in recent months, the US hasn’t been spared from its share of threats. Bloomberg reported in early March that more than 100 employees of almost two dozen natural gas companies in the US were found to have been hacked by Russian actors in mid-February and just before Russia began its invasion of Ukraine.

Joe Biden at the 2019 Iowa Federation of Labor Convention. Image: Gage Skidmore/Flickr (CC BY-SA 2.0)

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Vish Gain is a journalist with Silicon Republic