When Joe Biden took office as president in January 2021, he faced a cybersecurity crisis. According to the U.S. Intelligence Community, the threat environment was “acute.” Foreign adversaries were using “cyber operations to steal information, influence populations, and damage industry, including physical and digital critical infrastructure.” More than a year later, the situation is still dire. The good news is that Biden’s team is on it.
Donald Trump’s behavior contributed to the crisis. After the Cybersecurity and Infrastructure Security Agency (CISA) stated that the 2020 U.S. election was “the most secure in American history,” Trump fired its first director, Chris Krebs—a man he had appointed—for refuting his wild and false claims of hacked voting machines. This followed Trump’s previous decisions to abolish high-level cyber positions at the White House and at the State Department.
The leadership vacuum could not have come at a worse time. In December 2020, the cybersecurity company FireEye disclosed that its networks had been affected by malware piggybacking on the popular Orion IT management software, a product of SolarWinds. Major companies and government agencies, including the Pentagon, Department of Homeland Security (DHS), and National Nuclear Security Administration, were affected, along with 18,000 other SolarWinds customers.
Biden began by assembling a strong team in top cyber positions: no mean feat in a field in which the private sector has so much to offer. On day one, he restored the National Security Council cyber job that Trump had unwisely eliminated and chose experienced National Security Agency (NSA) hand Anne Neuberger to fill it. Neuberger was made a deputy assistant to the president and deputy national security advisor, giving the post significantly more clout in the White House status hierarchy than it had enjoyed during the Obama years.
At DHS, Biden moved quickly to fill the void left by Trump’s firing of his CISA director by choosing Jen Easterly, a U.S. Army veteran who helped establish Cyber Command during the Obama years. Biden’s widely praised choice would go on to be confirmed unanimously by the Senate. For the brand-new position of national cyber director in the White House—created by Congress in January—Biden chose Chris Inglis, who had served as the NSA deputy director during the George W. Bush and Barack Obama administrations.
Job one was addressing the SolarWinds hack. In April, National Security Adviser Jake Sullivan announced that a “mix of tools, seen and unseen” would be used against Russia. Biden imposed targeted sanctions for the “totally inappropriate” SolarWinds hack, just as news emerged of another major cyber espionage operation—this one by Chinese hackers targeting Microsoft Exchange servers.
In May, Biden issued an executive order that set forth new policies and mechanisms to improve information sharing and threat reporting, enhance software supply chain security, and establish a cyber safety review board. Most importantly, the order leverages the government’s purchasing power to spur the adoption of leap-ahead cybersecurity technologies, particularly in the emerging area of “zero trust”—a cybersecurity architecture that relies on protecting data inside a network, assuming that hackers have already penetrated it. “Incremental improvements will not give us the security we need,” the order stresses.
Biden faced more trouble in June, when a ransomware attack on Colonial Pipeline led to fuel shortages in the southeastern United States. In July, an even more massive ransomware attack affected customers of Kaseya, a provider of remote IT services, shutting down supermarkets in Sweden. These were only the highest-profile incidents in a spate of ransomware attacks, posing dilemmas for law enforcement and businesses about how to respond. The U.S. Justice Department, Ukrainian police and prosecutors, and other allies worked to identify the Ukrainian man behind the Kaseya attacks. He was arrested in Poland in November.
Meanwhile at CISA, Easterly was moving quickly to transform public-private collaboration from a buzzword with few results into true operational cooperation among technology companies, the government, and critical infrastructure operators. In August, CISA announced the JCDC—the Joint Cyber Defense Collaborative—which brings together Silicon Valley heavyweights, cybersecurity companies, and the NSA, FBI, and Cyber Command. Among its accomplishments, spurred by ongoing attacks that exploited a software vulnerability in the widely used logging library known as “Log4j,” has been to shorten the time from the discovery of attack information to the publication of alerts and mitigations.
Russia’s massing of forces on the Ukrainian border in late 2021 and early 2022 raised the stakes for cybersecurity even further, as experts predicted a wave of digital attacks would precede any conventional assault. They were right. Even before Russia’s tanks rolled across its neighbor’s borders, the cyberattacks were coming fast and furious, freezing Ukrainian government computers and even briefly shutting down German wind turbines. Ukrainians showed as much skill and dedication in defending their digital networks as they did on the battlefield.
Biden’s team played its part. In the early hours of Russia’s invasion of Ukraine, Neuberger helped make sure information about Russian malware discovered by security researchers at Microsoft was quickly shared in time to mitigate its impact.
Congress has also stepped up. On March 15, Biden signed legislation requiring companies that operate critical infrastructure to report significant cyberattacks to CISA, with tight deadlines of twenty-four hours for ransomware payments and seventy-two hours for other cyber incidents. The law will give the government far more visibility into cyberattacks; the FBI estimates that only a quarter of such incidents are currently reported voluntarily. It also represents a bureaucratic victory for CISA’s Easterly, strengthening her agency’s authority in the face of objections that the law sidelines the FBI. Congress continues to consider broader federal cybersecurity reforms that have already passed the Senate.
As war rages in Ukraine, Vladimir Putin’s Russia will launch more cyberattacks, quite possibly targeting critical infrastructure in the United States. Biden’s team has amassed an impressive record of accomplishments over its first fifteen months, but there remains much work to do. One thing is sure: cyber threats will be “acute” for many years to come.
Timothy H. Edgar is a senior fellow at the Watson Institute at Brown University, teaches in its cybersecurity master’s program, and is a lecturer at Harvard Law School. He served in the White House National Security Staff under President Barack Obama and is the author of Beyond Snowden: Privacy, Mass Surveillance and the Struggle to Reform the NSA.