The Biden administration is warning United States companies to step up their security in preparation for a potential Russian cyber attack. On Monday, President Biden released a statement about what he described as the “evolving” threat, along with a list of suggested security actions for companies to take. Some of those recommendations include requiring the use of multi-factor authentication, changing passwords, backing up and encrypting data, and undergoing emergency drills to prepare for a potential attack.
“Most of America’s critical infrastructure is owned and operated by the private sector and critical infrastructure owners and operators must accelerate efforts to lock their digital doors,” President Biden said in the statement.
This new messaging adds urgency to earlier warnings the White House has given since the US began imposing sanctions on Russia in response to the country’s invasion of Ukraine. Anne Neuberger, deputy national security adviser for cyber and emerging technology, said in a press briefing Monday that there is no evidence of a specific planned attack. However, she said intelligence has found “preparatory activity” aimed at American businesses and “a potential shift in intention” to carry out such cyber plans.
While she declined to specify what that preparatory activity looks like or any specific industries that might be targeted, she did note that federal agencies held a briefing with more than 100 US companies last week to provide guidance and offer resources from agencies like the Federal Bureau of Investigation. Water, electric, oil and gas, and hospitals are among the privately-owned critical infrastructure companies she said the administration is particularly urging to put up preventative cyber defenses.
In his statement, President Biden called cyber attacks “part of Russia’s playbook.” The country has been behind some of the most prolific hacks and digital attacks against US companies, and it has made Ukraine its “cyber punching bag,” Glenn Gerstell, a former General Counsel of the United States National Security Agency, told Popular Science last week. In the past, Russia has taken out multiple Ukrainian power distribution centers, and Neuberger said Russia continues to conduct “significant malicious activity” in the country.
Experts suggest individuals also take some of the same steps the Biden administration has recommended to companies to ensure their personal information is safe, including increasing password security and saving paper copies of key records, like health and banking statements.