Biden administration says partnering with private sector will better prepare for next cyberattack

Biden administration officials said Wednesday the U.S. is better positioned now to respond to cyber chaos like the SolarWinds hack and ransomware attack on the Colonial Pipeline because of the government’s new partnerships with the private sector.

The Cybersecurity and Infrastructure Security Agency’s Eric Goldstein told lawmakers that the Joint Cyber Defense Collaborative is putting potential targets in a better position to limit risk and share information before a cyberattack occurs, rather than waiting until after one hits.

The JCDC, formed last year, teamed national security and law enforcement agencies with the private sector to fight hackers and ransomware attackers.

“Should another incident like the compromises affecting SolarWinds Orion, Microsoft Exchange Server, or Colonial Pipeline occur, the strengthened connective tissue among our partners will allow for a more unified response,” Mr. Goldstein said in written testimony to the House Homeland Security Committee.

The Biden administration has said Russia was responsible for the hack of SolarWinds software that compromised nine federal agencies, and the federal government has identified China as being behind the Microsoft Exchange Server hack.

The ransomware attack on Colonial Pipeline that disrupted the flow of fuel on the East Coast last year was linked to cybercriminal gangs, which victimized Americans nationwide. The FBI’s Internet Crime Report 2021, published last month, showed internet crime complaints rose 7% last year over 2020 and that the corresponding crimes cost victims an estimated sum surpassing $6.9 billion.

The FBI is among the core cyber operational agencies in the JCDC alongside CISA, the National Security Agency and U.S. Cyber Command. Mr. Goldstein touted those agencies’ cyber officials working with America’s largest technology companies, the energy sector, and financial institutions as making the JCDC’s effort to mitigate the damage a success.

The difference between the old model of cybersecurity and the one the federal government is pursuing now involves removing barriers to sharing information that the government and business world collect. Deputy National Cyber Director Robert K. Knake told lawmakers that instead of having meetings between government and business officials, there is now an “operational collaboration” among those responsible for defending government and businesses.

“People at large companies, the systemically important entities, can engage with the private sector, with the government, and can do it in real-time from where they work,” Mr. Knake said at Wednesday’s homeland security committee hearing. “This is a massive leap that the JCDC has really enabled over the last year and we’re really seeing the benefits of that maturation as we confront the Russia threat.”

The Biden administration has continuously urged vigilance to counter cyber threats from Russia to critical infrastructure involving things such as power, communications, and banking, amid Russia’s invasion of Ukraine.  

Cybersecurity professionals’ worst fears have not materialized, and some experts are not noticing much change at all. For example, the cyber threat environment for financial institutions has not changed much for those physically distant from Russia’s invasion, according to Financial Services Information Sharing and Analysis Center CEO Steven Silberstein.

“As I speak the financial sector has not experienced an increased level of cyberattacks directly attributable to Russia,” Mr. Silberstein told the homeland security committee on Tuesday. “We’re always tracking the continuous background noise of low-level cyberattacks and reconnaissance missions, however, outside of the conflict zone we’re not seeing any significant uptick in attacks attributable to any specific geography or threat actor.”