President-elect Joe Biden has taken a stance on the recently discovered hack of US government and private sector systems, promising to hold adversaries accountable. In a statement issued by his transition team, Biden said he had already been briefed by government officials on the attack and would make dealing with it a priority when it took office.
Biden promised to strengthen partnerships with the private sector and expand investments in cyber security infrastructure, but he also hinted at a more hawkish cyber security approach.
"A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place," Biden said. "We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners. Our adversaries should know that, as President, I will not stand idly by in the face of cyber assaults on our nation."
In the last few days, government officials and private sector companies have discovered the scope of a massive cyber attack on US government and private sector systems. The attack, delivered via malicious code injected into SolarWinds' IT monitoring software, is ongoing, officials warned. In an update, Microsoft president Brad Smith called the incident, believed now to have been engineered by Russia, "an attack on the United States and its government and other critical institutions."
Biden has a tough job ahead of him. "This is big," said Sue Gordon, who served as principal deputy director of national intelligence in the Office of the Director of National Intelligence (DNI) until resigning from the position in August 2019, likening it to the Office of Personnel Management hack revealed in 2015. "Even bigger than that because this is public and private, and global," Gordon said, pointing out that the problem is ongoing. "This is not only problematic in terms of the information, but problematic in terms of getting rid of it."
President Trump remained silent on the hack this week. During his term as president, more than a third of his National Infrastructure Advisory Council members quit, citing "insufficient attention to the growing threats to the cybersecurity of the critical systems upon which all Americans depend."
Trump appointed Bush-era security advisor Tom Bossert to head up the administration's cyber security efforts, but the White House's John Bolton removed him in April 2018, leaving the position vacant.
In 2018, senators announced the bipartisan Cyber Deterrence and Response Act that would have forced the president to act against overseas hackers found targeting the US or explain why he hadn't. However, lawmakers failed to pass the bill.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
UK cyber experts on red alert after Salt Typhoon attacks on US telcosAnalysis The UK could be next in a spate of state-sponsored attacks on telecoms infrastructure
-
Healthcare data breaches are out of control – here's how the US plans to beef up security standardsNews Changes to HIPAA security rules will require organizations to implement MFA, network segmentation, and more
-
The US could be set to ban TP-Link routersNews US authorities could be lining up the largest equipment proscription since the 2019 ban on Huawei networking infrastructure
-
Three ways to evolve your security operationsWhitepaper Why current approaches aren’t working
-
Beat cyber criminals at their own gameWhitepaper A guide to winning the vulnerability race and protection your organization
-
Quantifying the public vulnerability market: 2022 editionWhitepaper An analysis of vulnerability disclosures, impact severity, and product analysis
-
Same cyberthreat, different storyWhitepaper How security, risk, and technology asset management teams collaborate to easily manage vulnerabilities
-
US government IT contractor could face death penalty over espionage chargesNews The IT pro faces two espionage charges, each of which could lead to a death sentence or life imprisonment, prosecutors said
