Advertisement

White House issues call to action in light of new intelligence on Russian cyberthreat

Russia has taken "preparatory actions" including probing websites for vulnerabilities, presidential adviser Anne Neuberger said.
Anne Neuberger, White House cyber warning, potential Russian cyberattacks
Anne Neuberger, deputy national security adviser for cyber and emerging technology, speaks March 21, 2022, in the White House Briefing Room. (Photo by NICHOLAS KAMM/AFP via Getty Images)

The Biden administration renewed calls Monday for the private sector to address known vulnerabilities and shore up cyberdefenses in light of a looming possibility of a cyberattack from Russia on U.S. infrastructure.

The latest warning is “based on evolving threat intelligence, that the Russian government is exploring options for potential cyberattacks on critical infrastructure in the United States,” Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technology, said at a press conference Monday.

Federal agencies have issued a series of warnings across critical industries in recent weeks in light of potential retaliation from Russia in response to financial sanctions.

Monday’s call to action “speaks to evolving threat intelligence and a potential shift in intention,” by Russia, Neuberger said. Last week agencies including Energy and Treasury hosted classified and unclassified briefings with hundreds of companies, she said.

Advertisement

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the FBI have also issued a series of alerts, including guidance to satellite communications network providers last week in reaction to an attack on a European satellite internet company that knocked down some communications in Ukraine.

Neuberger declined to attribute that attack to any nation-state actor but said that U.S. intelligence is continuing to investigate.

“The most troubling piece,” Anne Neubeger said, is that “we continue to see known vulnerabilities for which we have patches available” used by cyberattackers to compromise U.S. companies.

Neuberger said the U.S. government has detected no specific threats at this time but has observed “preparations” such as scans of websites and probes for known vulnerabilities — typical activities for nation-state hacking groups that can become more ominous when geopolitical tensions are higher.

“The most troubling piece,” Neubeger said, is that “we continue to see known vulnerabilities for which we have patches available” used by cyberattackers to compromise U.S. companies. And that “makes it far easier for attackers than it needs to be,” she said.

Advertisement

Most of U.S. critical infrastructure is privately owned and operated, giving the government little authority in mandating cybersecurity protections. President Biden signed a government funding package last Tuesday that included a new law requiring critical infrastructure owners and operators to report a hack to DHS within 72 hours.

Biden echoed the warnings at a meeting with business leaders on Monday. “The magnitude of Russia’s cyber capacity is fairly consequential and it’s coming,” Biden said.

He urged business leaders to take up their “patriotic obligation” and invest as much as possible into their cyberdefenses.

Biden has said that the U.S. is not looking to engage in any sort of direct conflict with Russia but will not hesitate in reacting to cybersecurity incidents.

“If Russia pursues cyberattacks against our companies, our critical infrastructure, we are prepared to respond,” he said at a press conference earlier this month.

Russia declared war against Ukraine on Feb. 24., 2022. Before, during and after the military campaign began, the CyberScoop staff has been tracking the cyber dimensions of the conflict.

This story was featured in CyberScoop Special Report: War in Ukraine

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts