Citing what he referred to as “evolving intelligence,” President Biden on March 21 said that his administration is reiterating previously issued warnings about the potential that Russia could conduct malicious cyber activity against the U.S.
“This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience,” Biden said in a statement.
“I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners. It’s part of Russia’s playbook. Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks,” he said.
Biden noted that since the start of his administration, it has worked to strengthen national cyber defenses, “mandating extensive cybersecurity measures for the federal government and those critical infrastructure sectors where we have authority to do so, and creating innovative public-private partnerships and initiatives to enhance cybersecurity across all our critical infrastructure. Congress has partnered with us on these efforts -- we appreciate that Members of Congress worked across the aisle to require companies to report cyber incidents to the United States Government.”
He said that his administration “will continue to use every tool to deter, disrupt, and if necessary, respond to cyberattacks against critical infrastructure. But the federal government can’t defend against this threat alone.”
Biden, who noted that most of America’s critical infrastructure is owned and operated by the private sector, said that “critical infrastructure owners and operators must accelerate efforts to lock their digital doors.”
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has been actively working with organizations across critical infrastructure to rapidly share information and mitigation guidance to help protect their systems and networks, he said.
“If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year,” Biden said in the statement.
“Protecting our nation’s critical energy infrastructure is a responsibility shared by the energy industry and our government partners at all levels,” the CEO-led Electricity Subsector Coordinating Council (ESCC) said on March 21.
“The briefing provided by the U.S. government was the latest example of this partnership in action, bringing together private-sector critical infrastructure providers and security officials from across the energy industry for the latest intelligence assessment and to reinforce the importance of continued industry vigilance given the ongoing war in Ukraine,” ESCC said.
“The threat of cyber and physical attacks targeting critical infrastructure is not new. The nation’s electricity providers -- investor-owned electric companies, electric cooperatives, and public power utilities -- continuously monitor for threats and are prepared to defend the grid and their infrastructure and systems. They also continue to work with a key partner, the Electricity Information Sharing and Analysis Center (E-ISAC), which analyzes electricity-specific information and context,” ESCC said.
“Additionally, industry and government partner through the ESCC to facilitate information sharing and to develop coordinated responses to incidents, which allows the industry to continue to provide electricity safely and reliably,” it added.
“This partnership is critical in helping to protect the grid from threats that could impact national security and public safety. We appreciate the ongoing collaboration of our federal partners and their level of outreach to ensure that the entire energy industry maintains a vigilant and secure posture,” ESCC said.
For its part, the American Public Power Association offers a wide range of cybersecurity tools and resources for its members. Click here for additional information.