
Cybersecurity in Biden administration: Bi-monthly roundup


The Biden Administration has made it clear that it is going to make cybersecurity a national priority. The President began by allotting a $10 billion budget to improve cyber defenses on his first day in office. He also announced a few key appointments for national cybersecurity agencies.

His recent notice to Putin that “Critical infrastructure should be off-limits” and the BlackMatter ransomware group pledging that certain critical industries won’t be attacked indicate that the cybercriminals are now taking the government warnings seriously. 

Here is a list of significant cybersecurity steps adopted by the Biden administration after a few critical sectors got attacked.  

The launch of JCDC 

During his visit to the Office of the Director of National Intelligence (ODNI), Biden said, “If we end up in a war, a real shooting war, with a major power, it’s going to be as a consequence of a cyber breach.” 

He subsequently announced the commencement of the Joint Cyber Defense Collaborative (JCDC).  The JCDC brings public and private sector entities together to fight against cyberattacks.  Members will coordinate the integrated execution of these plans. JCDC is a diverse committee that promotes national resilience by coordinating actions to identify, protect against, detect, and respond to cyber threats. 

VDP for Federal Civilian Executive Branch (FCEB) 

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has launched the Vulnerability Disclosure Policy (VDP) platform that allows Federal Civilian Executive Branch (FCEB) agencies to identify, monitor, and close security gaps in critical systems with the help of ethical hackers worldwide.   

“Through this crowdsourcing platform, Federal Civilian Executive Branch (FCEB) agencies will now be able to coordinate with the security research community in a streamlined fashion, and those reporting incidents enjoy a single, usable website to facilitate submission of findings,” said Eric Goldstein, CISA’s Executive Assistant Director for Cybersecurity. 

Memorandum on “Improving Cybersecurity for Critical Infrastructure Control Systems.”    

The Biden administration has released the national security memorandum on “Improving Cybersecurity for Critical Infrastructure Control Systems.”    

 With the Memorandum, the White House has urged critical infrastructure owners and operators to follow voluntary guidelines and mandatory requirements to ensure that the critical services are protected from cyber threats. These include:  

  • Implementing specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems within prescribed timeframes 
  • Developing and implementing a cybersecurity contingency and recovery plan 
  • Conducting an annual cybersecurity architecture design review 

 Transportation Security Administration issues second Security Directive  

DHS’s Transportation Security Administration (TSA) announced the issuance of a second Security Directive that requires owners and operators of TSA-designated critical pipelines that transport hazardous liquids and natural gas to implement several urgently needed protections against cyber intrusions.  

“The lives and livelihoods of the American people depend on our collective ability to protect our Nation’s critical infrastructure from evolving threats,” said Secretary of Homeland Security Alejandro N. Mayorkas.  “Through this Security Directive, DHS can better ensure the pipeline sector takes the steps necessary to safeguard their operations from rising cyber threats and better protect our national and economic security. Public-private partnerships are critical to the security of every community across our country, and DHS will continue working closely with our private sector partners to support their operations and increase their cybersecurity resilience.” 

Disclosure of ransomware attacks 

With a growing number of companies falling prey to cyberattacks, the country’s federal bodies, including the Department of Justice, the FBI, the Department of Homeland Security’s CISA division, and the Secret Service, have all urged Congress to pass a bill that would force companies to disclose ransomware attacks.

Senate Judiciary Committee hearing 

The discussion on ransomware disclosures was brought to Congress during the Senate Judiciary Committee hearing. Several federal bodies pointed out that organizations are still not reporting cyberattacks. Eric Goldstein, executive assistant director at CISA, opined that only a quarter of ransomware intrusions are “actually reported,” while most others slip under the radar.

With recent high-profile ransomware attacks such as those on Colonial Pipeline and JBS, the federal bodies insisted that the government improve its cybersecurity posture. Representatives from the DHS also pointed out that several ransomware actors have changed their behavior for several reasons. Still, the agencies do not have the data to substantiate it.

According to the experts, the main reasons organizations are reluctant to report ransomware attacks are fear of regulatory action, reputational harm, and hindrance to business operations.

Small Businesses are Bearing the Brunt   

During the hearing, it was also brought to the attention of the Senate that small businesses are enduring most ransomware attacks. Members of the committee pointed out that three out of four incidents are targeted at small businesses.  

They pointed out that ransomware attacks target companies with “deep pockets” and small businesses with thin margins that have already been pushed to the brink due to the pandemic. Even here, 51% of companies do not have any cybersecurity resources.

With more than 100 variants of RaaS (Ransomware-as-a-Service) on the dark web used in multiple ransomware campaigns, carrying out a ransomware attack has become extremely easy for anyone.  

States are Considering Ban on Ransomware Payoffs  

Amidst these discussions at the federal level, states like New York, North Carolina, and Pennsylvania are mulling legislation that would ban their federal bodies and local agencies from paying ransom to attackers in the event of a ransomware attack. Leaders of the states feel they would be less likely to be a target of cyberattacks if they make it illegal to pay the ransom.

While several experts have welcomed the move, several others believe that local governments, especially smaller ones, may not be able to rebuild their networks quickly in case of an attack. 

Rewards for Justice program 

In a bid to boost the state’s cybersecurity, the Biden administration is offering rewards up to $10 million for information leading to the identification/location of individuals who may have been involved in state-sponsored malicious cyber activities.    

The U.S. Department of State’s program called “Rewards for Justice” aims to combat cyber terrorism, espionage attempts, and ransomware campaigns by foreign governments.    

The department has also set up a Dark Web (Tor-based) tips-reporting line to protect the safety and security of potential sources. 

Conclusion 

Cybersecurity is a shared responsibility. With the digitization of every unit or department and bolder, more sophisticated threats, cybersecurity has become a fundamental thread that enables continuous business and administration. The U.S. government’s focus on strengthening its cyber posture was long overdue, but it is commendable and headed in the right direction.

Augustin Kurian

Augustin Kurian is the Associate Manager for Cyber Reports at Alliant Cybersecurity, an infosec subsidiary of the alliantgroup. In his role he is responsible for producing content, preparing the content strategies for the division, and ensuring that all the editorial guidelines and policies are met.

Prior to that, he was the Assistant Editor of a popular cybersecurity magazine where he specialized in news, cybersecurity analysis, and interviewed eminent personalities in the infosec space.
