Today marks the first full day of the 46th US presidency, following the inauguration of Joe Biden on 20 January.
The inauguration was a notably muted affair, with the usual crowd of spectators absent due to the Covid-19 pandemic. And it occurred amidst a backdrop of turbulence after pro-Trump rioters stormed the US Capitol Building just 14 days before. In a significant step away from protocol, former President Donald Trump was missing from proceedings.
As well as political tension, the country faces a heightened level of cybersecurity risk in the wake of the SolarWinds attack. The 46th president has inherited a complex cyber situation. But what could the Biden administration mean for cybersecurity?
Biden is inheriting a turbulent cybersecurity situation
The Biden administration begins at a time when cyberattacks against the US public and private sector are at an all-time high, meaning those in the cybersecurity community and beyond will be keenly watching to see what changes are brought about by the change of leadership and its strategy for protecting against nation-state attacks.
A key priority for the administration will undoubtedly be dealing with the aftermath of the SolarWinds attack. During the incident, a Russian advanced persistent threat group inserted malicious code into an update of a piece of SolarWinds software called Orion, used to manage IT networks. This was then downloaded by over 18,000 organisations, including multiple US government departments. The following departments have been confirmed: Energy, Commerce, Justice, Homeland Security, and the US Treasury.
Commenting on the attack, Biden spoke of a need to “close the gap between where our capabilities are now and where they need to be better to deter, detect, disrupt and respond to those sorts of intrusions in the future”. The administration’s response to the threat posed by Russian nation-state actors will certainly be under scrutiny.
Experts have also raised concerns that the storming of the Capitol Building poses a significant cybersecurity risk, speculating that unauthorised individuals could have breached machines and networks or planted malicious devices in the building. Although there is no evidence so far that a cybersecurity incident occurred during the riots, the administration will undoubtedly have to thoroughly review its security procedures.
In the wake of the riots, it has emerged that Trump supporter Riley June Williams may have stolen a laptop or hard drive from the speaker of the House Nancy Pelosi’s office, with the intention of selling it to Russian intelligence.
The administration will also have to ensure it can protect against a wave of attacks targeting Covid-19 development and distribution.
A “perfect storm for cyberattacks”
Andrew Rubin, CEO and co-founder at Illumio, commented that all of these factors have created a “perfect storm” for cyberattacks.
“In cybersecurity, it is becoming increasingly evident that relying on threat detection alone is insufficient. We need a more robust multi-pronged strategy to mitigate future attacks that couples prevention and monitoring with an effective perimeter protection strategy for all critical entities.”
He believes that the new administration should prioritise attack mitigation:
“Security is about managing risk – you need to consider both your posture and the attacker’s posture. Given the current situation and vulnerabilities, the US should assume that bad actors are already in their environment. To keep people and information safe, the government should prioritise measures, like establishing deeper layers of security, that can mitigate the impact and spread of a breach.”
But how will the administration go about doing this? According to GlobalData, it is important for the new administration to be proactive in better securing US government departments through robust cybersecurity standards and better information sharing, particularly following the spate of attacks against local governments during the election season.
Earlier this month, Biden unveiled the $1.9tn American Rescue Plan, which included $9bn to address the cybersecurity “crisis”, with the plan pledging to launch “the most ambitious effort ever to modernise and secure federal IT and networks”.
The plan includes $200m for the hiring of experts to support the federal Chief Information Security Officer and US Digital Service.
The administration has also made several key cyber appointments, including Anne Neuberger as national security adviser for the National Security Council and Rob Joyce as National Security Agency director. With the Trump administration dissolving the White House cyber coordinator role and firing Cybersecurity and Infrastructure Security Agency Director Christopher Krebs, the cybersecurity community will undoubtedly be looking for a greater sense of stability when it comes to cyber leadership.
As well as calls for greater cybersecurity spending, there will certainly be pressure from the cyber industry to address a growing variety of attack types.
In December, the non-profit Institute for Security and Technology announced the formation of the Ransomware Task Force, which will bring together companies such as Microsoft, Citrix and McAfee with the goal of making recommendations to the new administration on mitigating ransomware attacks.
Issues such as end-to-end encryption, broadband privacy, and greater international collaboration when it comes to cybersecurity will likely be high on the agenda, as will the administration’s response to the perceived cyber threat posed by Chinese tech companies.
“I would like to see a pivot from cyberwarfare”
However, Chris Morales, head of security analytics at Vectra, said he hopes to see a move towards more defensive cybersecurity under the new administration:
“Biden has a huge amount of work to do in the cybersecurity area, with attacks at an all-time high against the US public and private sector. We did not improve the nation’s cybersecurity posture over the last four years.
“I would like to see a pivot from cyberwarfare back to risk mitigation and personal privacy. While going on the offensive sounds like a deterrent, it is not aligned with how cyberattacks truly occur, as witnessed in the latest SolarWinds breach. The target is a mix of public/private, and every organisation is left on its own defences. Attacks happen on home turf, not in a distant land where a military can wage war, and cyberattacks end up hurting the end users more than the army waging war.
“It is good to have offensive capabilities, but we’ve got to shore up our own internal defences first. For example, solving ransomware targeting local/state governments with small security staffs and lack of budget.”