"It's coming": President Biden warns of "evolving" Russian cyber threat to U.S.
President Biden warned Monday that "evolving intelligence" suggests Russia is exploring options for potential cyberattacks targeting U.S. critical infrastructure.
"The magnitude of Russia's cyber capacity is fairly consequential," Mr. Biden said, addressing the Business Roundtable, an association of some of the nation's largest corporations. "And it's coming."
While there's no evidence of any specific cyberattack threat, Anne Neuberger, Mr. Biden's deputy national security adviser for cyber and emerging technology, told reporters Monday afternoon that U.S. officials have observed "preparatory work" linked to nation-state actors. Such activity could indicate increased levels of scanning websites and hunting for vulnerabilities among U.S. companies.
Further details on U.S. intelligence remain unclear, but as Moscow could look for ways to retaliate against economic sanctions imposed following their invasion of Ukraine, potential targets include the U.S. financial sector, electric grid, water treatment plants and hospitals.
"Russia is probably looking to aggressively respond in a manner that won't lead to war with the U.S., and cyber attacks are a means for them to exact costs without crossing a major red line," John Hultquist, vice president of intelligence analysis for cybersecurity firm Mandiant, told CBS News. "Cyber attacks are often reversible and nonlethal, but their economic and psychological costs could be significant."
Neuberger called it "deeply troubling" that companies worldwide continue to see breaches as a result of known vulnerabilities they've failed to patch.
The White House push comes just days before the president is set to embark on a trip to Brussels for a NATO summit on Thursday before heading to Poland and amid the U.S. government's efforts to declassify intelligence about Russia's plans in Ukraine. The U.S. has previously disclosed its findings to deter the Kremlin and other adversaries from following through on plans and undermine attempts at plausible deniability.
White House officials delivered classified briefings to more than 100 companies last week, urging at-risk private sector partners to bolster cybersecurity defenses against potential intrusions by Russia-linked actors.
"Most of America's critical infrastructure is owned and operated by the private sector and critical infrastructure owners and operators must accelerate efforts to lock their digital doors," Monday's White House statement said. "The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has been actively working with organizations across critical infrastructure to rapidly share information and mitigation guidance to help protect their systems and networks."
Homeland Security Secretary Alejandro Mayorkas on Monday encouraged organizations "of every size and across every sector" to report cyber incidents to CISA or their local FBI field office. "DHS will continue to share timely and actionable information and intelligence to ensure our partners and the public have the tools they need to keep our communities safe and secure, and increase nationwide cybersecurity preparedness," Mayorkas added.
For months, the Biden administration has prodded companies to prevent cyber intrusions through a slew of tactics: multi-factor authentication, patching known vulnerabilities, running through drills and emergency plans, as well as encrypting and backing up data.
CISA Director Jen Easterly told CBS News Friday that U.S. officials have not let their guard down. "What we are focused on right now very urgently, is working very closely with our private sector partners with our state and local partners with our federal partners to ensure that there is a robust understanding of the cyber threat environment and the potential consequences of Russian malicious cyber activity."
"It is increasingly difficult to prevent bad things from happening," Easterly added. "And so we have to work together and assume that bad things will happen, assume there will be cyber attacks, assume there will be disruptive activity."
Easterly, the director of the nation's cyber defense agency, said she is increasingly worried about "vigilance fatigue" among U.S. companies sprinting to secure their networks. "It is hard to maintain a very high tempo of extreme preparedness, but we are not even a month into this unjust, illegal, unprovoked invasion of a democracy and we need to continue to keep our shields up. We are putting out more and more information so that folks understand the nature of the threat environment."
Since November, the Department of Homeland Security has overseen more than 80 briefings, table exercises and informational sessions with the private sector designed to bolster U.S. cyber defenses in the event of Russian malicious cyber activity.
Lawmakers have voiced their concerns directly to the DHS secretary. Last week, 22 U.S. senators, led by Democratic Sen. Jacky Rosen of Nevada and Republican Sen. Mike Rounds of South Dakota, signed a bipartisan letter demanding more information about the U.S. response to Russian cyber threats and disinformation. CISA vowed in a response letter on Monday to brief lawmakers in the coming days.
CISA and the FBI released several joint cyber bulletins last week, including an advisory detailing the threat to satellite communication networks just days after reports of a hack by unidentified actors directed at telecommunications firm Viasat. Reuters first reported on the disruption of broadband satellite internet access at the start of the Russian invasion.
Since February 15, the Ukrainian government said it has suffered over 3,000 DDoS or "distributed denial of service attacks," that have barraged government websites with traffic until they grind to a halt.
But a cyberattack on a NATO member state could prompt Article 5, its collective defense clause, according to previous statements by Jens Stoltenberg, NATO Secretary General. The hypothetical trigger has intensified concerns that the Russian invasion of Ukraine could spill over to the United States and other territories.
"An attack on critical infrastructure that can be tied to the Russian government would absolutely be grounds for escalation, depending on the impact of that incident," Alex Iftimie, a former national security official at the Department of Justice, told CBS News. "It could have significant consequences down the road in terms of potential direct involvement of the United States in this conflict."
"I think the president was very clear," Neuberger told reporters before departing from the briefing room. "We're not looking for a conflict with Russia. But if Russia initiates a cyber attack against the United States, we will respond."
Arden Farhi, Major Garrett, Margaret Brennan and Andres Triay contributed to this report.