SPONSORED:

Biden takes quick action on cyber in first 100 days

Biden takes quick action on cyber in first 100 days
© Getty Images

President BidenJoe BidenCaitlyn Jenner says election was not 'stolen,' calls Biden 'our president' Manchin, Biden huddle amid talk of breaking up T package Overnight Energy: 5 takeaways from the Colonial Pipeline attack | Colonial aims to 'substantially' restore pipeline operations by end of week | Three questions about Biden's conservation goals MORE and his administration hit the ground running on securing federal networks and critical infrastructure during his first 100 days in office, taking quick action after years of what some officials viewed as national security setbacks in U.S. cyber policy.

Those actions were fast-tracked in large part by a series of massive cyber intrusions into federal and private networks by foreign hackers. Biden came under pressure pretty much from day one to take a stand against adversaries and revitalize national cyber efforts through levying sanctions and issuing executive orders.

“The first 100 days for the Biden administration demonstrate that they take cybersecurity seriously,” said Michael Daniel, the White House cybersecurity coordinator under former President Obama who’s now head of the Cyber Threat Alliance.

ADVERTISEMENT

The furious pace of executive actions, combined with securing significant funding from Congress for cyber defenses, stands in contrast to Biden’s predecessor, who often downplayed cyber threats.

“President Biden and his administration are off to a strong start,” House Homeland Security Committee Chairman Bennie ThompsonBennie Gordon ThompsonBiden administration, Congress unite in effort to tackle ransomware attacks First migrant families reunited in 'beginning' of larger effort Biden takes quick action on cyber in first 100 days MORE (D-Miss.) said in a statement provided to The Hill on Wednesday, adding that they “will have done more to move the ball forward on cybersecurity in four months than President TrumpDonald TrumpCaitlyn Jenner says election was not 'stolen,' calls Biden 'our president' Overnight Health Care: FDA authorizes Pfizer vaccine for adolescents | Biden administration reverses limits on LGBTQ health protections Overnight Defense: US fires 30 warning shots at Iranian boats | Kabul attack heightens fears of Afghan women's fates | Democratic Party leaders push Biden on rejoining Iran deal MORE did in four years.”

Biden’s actions have also elicited supportive remarks from some Republicans, with House Homeland Security Committee ranking member John KatkoJohn Michael KatkoHillicon Valley: US, UK authorities say Russian hackers exploited Microsoft vulnerabilities | Lawmakers push for more cyber funds in annual appropriations | Google child care workers ask for transportation stipend Lawmakers push for increased cybersecurity funds in annual appropriations America's Jewish communities are under attack — Here are 3 things Congress can do MORE (R-N.Y.) saying he was “encouraged” by Biden’s moves on cybersecurity in the first 100 days.

While Biden had made clear on the campaign trail he would push back against foreign hackers, he was forced to confront cyber threats on his first day in office. 

Biden was sworn in a month after the discovery of what’s become known as the SolarWinds hack, in which Russian hackers compromised nine federal agencies and at least 100 private sector groups.

And just as the administration began wrapping up its investigation, Microsoft announced in March that at least one Chinese state-sponsored group had infiltrated vulnerabilities in its Exchange Server program, potentially compromising thousands of organizations. 

ADVERTISEMENT

In response, Biden has taken a variety of actions aimed at strengthening federal cybersecurity, including sanctioning Russia earlier this month for its involvement in the SolarWinds hack and for interfering in U.S. elections.

“They did both of these things, and I told them we would respond, and we have,” Biden said during his first address to a joint session of Congress on Wednesday evening. 

The administration also set up coordination groups consisting of multiple federal agencies to respond to and investigate both the SolarWinds and Microsoft incidents, and officials announced in February that Biden intended to sign an executive order that would strengthen federal cybersecurity in wake of both attacks.

He has yet to sign that order.

But since that announcement, Biden signed one that aims to secure critical supply chains, including those for semiconductors. The administration also embarked on a 100-day plan for securing the electric grid against cyber threats.

The administration’s cybersecurity investigations into SolarWinds and early steps to increase federal cybersecurity were led in large part by Anne Neuberger, who was appointed deputy national security adviser for cyber and emerging technology by Biden in January. 

Since then he has nominated former National Security Agency Deputy Director Chris Inglis to serve as national cyber director and Jen Easterly as director of the Cybersecurity and Infrastructure Security Agency (CISA).

“I would encourage legislators that unless they see some egregious reason not to approve, to move very swiftly and very quickly” on those nominations, said Theresa Payton, White House chief information officer during the George W. Bush administration who’s now CEO of the cybersecurity consultancy group Fortalice.

“These leadership roles need to be in place sooner rather than later. I have been impressed with all of the names he has put forward,” she added.

Biden’s moves on cybersecurity are a notable shift from former President Trump, whose administration decided to eliminate the former White House cybersecurity position, merge the State Department’s cyber office with another bureau, and push out the senior leadership of CISA after the 2020 elections.

That left the Trump administration without key federal cybersecurity leaders in place leading up to Biden’s inauguration.

While Biden is generally acknowledged to have made a good start in prioritizing cybersecurity, officials note there is still more that needs to be done.

ADVERTISEMENT

Rep. Jim LangevinJames (Jim) R. LangevinLawmakers push for increased cybersecurity funds in annual appropriations Biden takes quick action on cyber in first 100 days Senate Intelligence panel working on legislation around mandatory cyber breach notification MORE (D-R.I.), chairman of the House Armed Services Committee’s cyber panel, said he is pushing for more cybersecurity funding.

“We need dedicated funding to secure our digital infrastructure against further intrusion,” Langevin said in a statement to The Hill. “I will continue to strongly advocate for a $400 million increase in CISA’s budget and make sure that the President’s bold infrastructure plans contain equally bold plans for securing Americans in cyberspace.”

Katko also stressed the need for “sustained” CISA funding. The agency received $650 million as part of the $1.9 trillion American Rescue Plan Act signed into law last month. 

“I would like to see President Biden commit to putting CISA on a pathway to be a $5 billion agency in the coming years,” Katko said. “This will also require appropriately elevating the agency in interagency decisionmaking to ensure the federal government can be better prepared to compete – and win – in cyberspace.”

Cybersecurity experts see more room for improvement on other critical infrastructure areas.

Payton pointed to concerns that the administration had not put enough attention into protecting other areas beyond the electric grid, with Biden's infrastructure proposal excluding language on cyber threats.

ADVERTISEMENT

“I give them an A on the 100-day plan to address the electric system cybersecurity risks, but I give them a B on critical infrastructure because there is not enough clarity,” Payton said.

Daniel acknowledged that while more could be done, the administration had made great strides in its efforts to protect the nation against escalating cyber threats. 

“Of course, the Biden administration still faces serious cybersecurity threats,” Daniel said. “However, the administration’s performance in the first 100 days has been very good and they should be able to build on this success.”