U.S. Response to Cyberattacks? It Must Be More Than Just Biden’s “Off Limits” List

Contact Your Elected Officials

KEY TAKEAWAYS

  1. The president said he handed over a list of 16 areas of critical infrastructure.
  2. Secretary of Defense Lloyd Austin was recently asked whether there’s a definition of what constitutes a cyberattack on the U.S. He struggled to answer.
  3. The Biden administration cannot rely on simply handing over a “do not attack” list to Putin and hoping for things to get better.

President Joe Biden and Russian President Vladimir Putin held a mid-June summit in Geneva, after which Biden told reporters, “I talked about the proposition that certain critical infrastructure should be off-limits to attack, period—by cyber or any other means.”

The president said he handed over a list of 16 areas of critical infrastructure that are broadly defined currently by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

Leading up to the July Fourth weekend, news broke that Kaseya, an information technology management software provider, had suffered a massive software supply chain ransomware attack that has spanned the globe, affecting businesses, grocery store chains, schools, and more everywhere, from the U.S. to Germany to New Zealand.

Kaseya said that “critical infrastructure” has not been affected by the attack. About 50 of its customers have been hit, leading to downstream effects of 800 to 1,500 “local and small businesses” hurt by the ransomware attack.

However, Kaseya could be considered one of those 16 critical infrastructure sectors as “infrastructure technology.” The FBI continues to investigate the broader set of victims of this attack, so it may be some time before we know its full impact, which could be more extensive than current reporting.

REvil, a Russian-based ransomware-as-a-service group that carried out previous high-profile attacks, such as against JBS meatpacking, has claimed responsibility for the ransom and has demanded $70 million in bitcoin cryptocurrency while claiming to have affected more than “a million” systems.

With the onslaught of ever-growing cyberattacks, Biden’s approach to cyber diplomacy is on shaky ground.

“We agreed to task experts in both our countries to work on specific understandings about what’s off-limits [for hacking] and to follow up on specific cases that originate in … either of our countries,” he said, shortly after his summit with Putin. White House press secretary Jen Psaki stated that “expert level” discussions are ongoing with a session on ransomware set for next week.

One can have a differing opinion on the severity of these various cyberattacks or crimes, and whether or not they are state-backed, but the fact remains that they are increasingly affecting everyday Americans.

Businesses, hospitals, schools, and other entities in the U.S. and elsewhere may not be deemed “critical infrastructure,” but ransomware attacks against them have a significant impact economically and personally to individuals and organizations.

For example, a recent ransomware attack against Ireland’s hospital networks has led to weeks of disruptions of hospital information technology functions that have affected scheduling capabilities for blood tests and diagnostics.

Secretary of Defense Lloyd Austin was recently asked whether there’s a definition of what constitutes a cyberattack on the U.S. He struggled to answer an important question that our country must be ready to answer and outline to our foes in this new battlefront.

Former Director of National Intelligence John Ratcliffe noted that the U.S. needs to attribute these attacks and either overtly or covertly retaliate against those responsible, thereby creating deterrence for the future.

If the response is against Russian cybercriminals directly, the Putin regime should be put on notice that the U.S. means business when it comes to protecting our digital assets, “critical” or otherwise.

It’s well-known that the Russian government turns a blind eye to various cybercriminals originating from its turf. At times, cybercriminals have a tangential connection to Russian intelligence or military assets.  

The Trump administration reportedly relaxed the bureaucratic decision-making process on utilizing America’s offensive cybercapabilities, and it would behoove the Biden administration to continue those efforts and expeditiously structure forward-leaning response measures to these cyber and ransomware attacks.

We have now seen in the past seven months a massive software supply chain cyberespionage campaign in SolarWinds conducted by Russian intelligence, a global-scale cyberattack by the Chinese state-sponsored group Hafnium, and an array of ransomware attacks that have picked up in recent years, including the DarkSide Russian criminal attack on the Colonial Pipeline and REvil’s $12 million ransom of JBS.

Fundamental changes to the U.S. cyberdefense posture via a recent executive order, the Cyberspace Solarium Commission legislative recommendations, and congressional efforts for further government-private sector information-sharing and breach-reporting practices are currently in the pipeline.

At some point, however, the U.S. must grapple with a mixed-use offensive and diplomatic framework to tackle nation-state and state-backed cyberattacks and espionage campaigns.

The Biden administration cannot rely on simply handing over a “do not attack” list to Putin and hoping for things to get better.

We should be telling the RussianChinese, Iranian, and North Korean governments that there will be no tolerance for state-backed cyberattacks and that willful ignorance of cyber actions against the United States will be cause for significant response. Finally, we should coordinate with allied partners around the globe—who face the same onslaught of those attacks—to join us in these efforts.

By Dustin Carmack

Dustin is a Research Fellow in Technology Policy at The Heritage Foundation.

Read Original Article on Heritage.org

The Heritage Foundation
The Heritage Foundationhttps://www.heritage.org/
The Heritage Foundation formulates and promotes public policies based on free enterprise, limited government, individual freedom, traditional values, and strong national defense.

Trump’s Middle East Triumph is Worth Celebrating Even As Peace Remains Elusive 

President Trump’s bold foreign policy defies globalist appeasement, showcasing unwavering American strength and decisive leadership on the world stage.

Are conservatives fighting a fiction of woke?

Wokery, it hurts to say it, is too disorganized to have an organized cosmology or doctrine of metaphysical belief.

Illinois Democrat Offenders Reveal Party

The crime of J.B Pritzker and Brandon Johnson in this episode of American history is called subversion at the least , but could be as serious as treason.

Inside the Public School Librarian Jihad to Keep Transgender Propaganda on Shelves

Public school librarians are doing all they can to keep child tranny propaganda flowing directly into the malleable minds of their charges.

Five Reasons Why The Latest Czech Elections Were So Important

Populist-nationalist politician Andrej Babis is poised to return to the premiership after his party's victory. Here are 5 reasons why this is so important.

New York AG Letitia James Indicted on Federal Charges

New York Attorney General Letitia James was indicted by a grand jury on federal charges, according to an indictment on unsealed on Thursday.

6 Ways Vaccine Policy Has Changed Under RFK Jr.

Health Sec RFK, Jr. and officials at the HHS changed recommendations and policies for multiple vaccines, including shots against COVID-19 and measles.

Journalists Recount Antifa Violence in Roundtable With Trump

President Trump met at the White House with journalists attacked by the newly designated terrorist group Antifa, joined by Cabinet officials for a roundtable.

IRS to Furlough 34,000 Employees as Government Shutdown Halts Treasury Operations

The IRS said in an emergency message to staff that it will furlough more than 34,000 employees starting on Oct. 8 due to the government shutdown.

Trump Says He May Invoke Insurrection Act in Portland If Necessary

President Donald Trump on Oct. 6 said he may consider invoking the Insurrection Act in Portland, Oregon, if necessary.

Trump: All Medium, Heavy Duty Trucks Entering US Will See 25 Percent Tariff on Nov. 1

President Trump announced on Monday that all medium and heavy-duty trucks entering the United States will see a 25 percent tariff starting on Nov. 1.

Treasury Names Social Security Commissioner as CEO of IRS

Treasury Sec. Scott Bessent announced that Frank Bisignano, the head of the Social Security Administration (SSA), will also serve as CEO of the IRS.

Agencies Terminated, Descoped 94 Wasteful Contracts With $8.5 Billion Ceiling Value, Says DOGE

Various federal government agencies have terminated and descoped 94 wasteful contracts over the past five days, DOGE said in an Oct. 4 post on X.
spot_img

Related Articles

Popular Categories

MAGA Business Central