Biden's cyber priorities zero in on Russian hack

Biden's cyber priorities zero in on Russian hack
© Getty Images

President Biden and his administration have hit the ground running on cybersecurity during his first week in office, with a particular emphasis on addressing the recent Russian hack that hit the federal government and major U.S. companies.

Experts are calling the focus on cyber issues — and Biden’s efforts to quickly fill key roles and push back against foreign adversaries — a breath of fresh air after four years of the Trump administration.

“Certainly all of the action, and the substantive nature of the action, represents that they’ve put cybersecurity as a priority, which they had said in the transition, but they are putting their money where their mouth is and moving forward on it,” said Kiersten Todt, former executive director of a cybersecurity commission under former President Obama who’s now managing director of the Cyber Readiness Institute.


Administration officials have been forced to immediately confront cybersecurity due to the Russian hacking operation against the IT group SolarWinds, a company that counted much of the federal government and U.S. Fortune 500 companies among its customers.

During his first week in office, Biden took action to get his arms around the cyberattack, which counts the Treasury, Justice and Commerce departments among its victims. Biden ordered the intelligence community to conduct an assessment of the hack, and he raised it Tuesday during his first conversation as president with Russian President Vladimir PutinVladimir Vladimirovich PutinHillicon Valley: Big Tech critic Lina Khan named chair of the FTC | Lawmakers urge Biden to be tough on cyber during summit with Putin | TSA working on additional security regulations following Colonial Pipeline hack Overnight Defense: Top admiral shoots back at criticism of 'woke' military | Military guns go missing | New White House strategy to battle domestic extremism Lawmakers urge Biden to be tough on cybersecurity during summit with Putin MORE.

Biden pledged before taking office that he would take a strong stance against Russia and any other foreign nations who attempted to interfere with the U.S. in cyberspace, vowing in December to make cybersecurity an “imperative.”

He took steps toward delivering on that pledge by including more than $10 billion in cybersecurity and IT funds to boost federal cybersecurity efforts in his $1.9 trillion COVID-19 relief proposal. Whether those provisions remain in the bill is unclear, as Biden has indicated he’s open to negotiation on the package.

Beyond Cabinet picks such as newly confirmed Director of National Intelligence Avril HainesAvril HainesFBI warns lawmakers of violence from QAnon conspiracy theorists Concerns grow over China's Taiwan plans Lawrence Livermore report finds Wuhan lab leak theory plausible MORE and Homeland Security secretary nominee Alejandro MayorkasAlejandro MayorkasBiden expanding program for allowing young Central Americans into US US expanding work permits, deportation relief for crime victims Democrats press ICE, DHS to not re-detain migrants released during pandemic MORE, who said during her confirmation hearing that cybersecurity is a “priority,” Biden has also moved swiftly to fill other roles.


The White House announced last week that Anne Neuberger, the director of the National Security Agency’s Cybersecurity Directorate, will fill the new position of deputy national security adviser for cyber and emerging technology on the National Security Council.

The administration also selected former Biden campaign chief information security officer Chris DeRusha as federal CISO and former NSA official Michael Sulmeyer to serve as senior director for cyber on the National Security Council.

And according to Reuters, Biden is eying Jen Easterly, another former NSA official, to serve in the newly created cyber czar role.

“The Biden Administration’s rapid steps to fill cyber positions demonstrate that cybersecurity will be a priority for this administration,” said Michael Daniel, former cybersecurity coordinator under former President Obama who’s now head of the Cyber Threat Alliance.

Theresa Payton, White House chief information officer under former President George W. Bush, also applauded the new hires.

“I say bravo, because what’s wonderful is regardless of who the administration is and the political appointees in charge of these groups, there are dedicated men and women running the operations day to day,” said Payton, who serves as CEO of cyber consultancy group Fortalice Solutions. “The sooner the better to get seasoned leadership in place to understand what’s working well.”

Biden’s efforts to address cybersecurity in his first week stand in contrast to the Trump administration, which was widely criticized for eliminating both the cybersecurity coordinator position at the White House and the State Department’s cyber office, though a new cyber and emerging technology bureau was established prior to former President TrumpDonald TrumpKushner lands book deal, slated for release in 2022 Biden moves to undo Trump trade legacy with EU deal Progressives rave over Harrison's start at DNC MORE leaving office.

While Trump officials, including former Secretary of State Mike PompeoMike PompeoRNC's McDaniel launches podcast highlighting Republicans outside of Washington Pompeo launches political group ahead of possible White House bid Sunday shows - Biden foreign policy in focus MORE and former Attorney General William BarrBill BarrTrump, allies pressured DOJ to back election claims, documents show House Judiciary to probe DOJ's seizure of data from lawmakers, journalists Judge temporarily blocks release of Trump obstruction memo MORE, cited Russia as behind the SolarWinds attack, Trump only addressed the incident once in a tweet, and tried to shift the blame to China.

“Obviously this is a significant improvement over the Trump administration’s policy to eliminate the cybersecurity coordinator, but that’s a low bar to jump over. The higher bar, which they are striving for, is by having these experienced professionals who have a good understanding that public-private collaboration is critical to success,” said Mark Montgomery, a senior fellow at the Foundation for Defense of Democracies.

But even with his early moves, Biden is under pressure to go further, particularly on Chinese technology issues, an area of intense focus during the Trump administration.

White House press secretary Jen PsakiJen PsakiLawmakers urge Biden to be tough on cybersecurity during summit with Putin Fox's John Roberts says for media, no Biden-Putin presser is a loss Harris highlights COVID-19 vaccination safety, efficacy in SC event to kick off tour MORE on Monday stressed that while Biden planned to “hold China accountable” on technology-related issues, no formal decisions about the administration’s stance on companies such as Huawei and TikTok's parent company ByteDance had been made.

Commerce Secretary nominee Gina RaimondoGina RaimondoUS, EU establish trade and technology council to compete with China On World Oceans Day, we need a sea change Biden administration launches supply chain task force to tackle disruptions MORE refused to commit during her confirmation hearing Tuesday on whether the agency would keep Huawei blacklisted if she was confirmed.

“I worry a little about having the same attention to detail with China,” Montgomery said. “China represents, as they do in many security areas, the more long-term threat, but as long as we are consistent in applying this to Russia, China, Iran, and North Korea, I think we will be in a good position.”

Beyond China, Daniel recommended that Biden keep up a continued focus on the SolarWinds incident, the cyber czar office, and strengthening federal cybersecurity capabilities in the first 100 days.

“The Biden administration should focus on building on the successes of the past four administrations,” Daniel said. “It should resist the temptation to review previous policy decisions around roles and missions.”