facebook linkedin twitter

Biden Wants Rules on Cybersecurity Sharpened after China, Russia Attacks

March 10, 2021 by Reece Nations
White House press secretary Jen Psaki speaks during a press briefing at the White House, Monday, March 8, 2021, in Washington. (AP Photo/Patrick Semansky)

WASHINGTON — Microsoft is placing the blame for a hack on its email software on China after President Joe Biden called on allied nations to create a new set of rules governing cybersecurity threats across the globe.

It is believed that a Chinese hacker group known as “Hafnium” orchestrated the breach by exploiting vulnerabilities in the Microsoft Exchange Server email software. The system is utilized by a wide range of industry sectors, including institutions of higher education, legal firms, defense contractors and infectious disease researchers, among many others. 

The hack was carried out using a “web shell,” an interface that allows infiltrators to remotely access web servers by executing arbitrary commands. Microsoft has since patched the flaws in the system, but the full extent of damage dealt by the widespread breach is still unknown. 

“This is an active threat,” White House Press Secretary Jen Psaki told reporters on Friday, March 5. “Everyone running these servers – government, private sector, academia – needs to act now to patch them.” 

News of the Microsoft breach broke as lawmakers were still debating their response to the SolarWinds hack allegedly tied to the Russian government last year. Last month, cybersecurity experts testified to the House Oversight and Reform Committee that the SolarWinds attack affected the software of roughly 17,000 of the company’s customers and impacted American technology companies and government agencies, The Well News previously reported

It is believed that in both instances, the hackers exploited old software loopholes to gain a backdoor into the systems. The only alterations in the systems, which went unnoticed for some time, deactivated firewalls preventing remote monitoring of the programs. 

“We must shape the rules that will govern the advance of technologies and the norms of behavior in cyberspace, artificial intelligence, biotechnology, so they are used to lift people up, not used to pin them down,” Biden said during the virtual Munich Security Conference last month. 

Through their exploits of the SolarWinds product known as “Orion,” Russian hackers were able to gain access to as many as 250 digital networks. Access to the U.S. Department of Commerce, Department of the Treasury, Department of Homeland Security, Federal Energy Regulatory Commission and other agencies was obtained through these hacks.

In response to the threats, the Biden-Harris administration is launching a task force to investigate the hacks. The White House also issued new direction through its Interim National Security Strategic Guidance plan on how to deter future technology breaches.

“U.S. and European companies are required to publicly disclose corporate governance structures, and abide by rules to deter corruption and monopolistic practices,” Biden said in remarks at the conference. “Chinese companies must be held to the same standards.” 

Biden has also tapped various veterans of cybersecurity from both the public and private sectors to lead his administration’s cybersecurity team, which had been previously left vacant by the Trump administration. 

In addition, Biden earmarked roughly $10 billion for various cybersecurity initiatives, further signaling his administration’s commitment to improving the nation’s cyber weaknesses. These funds will be allotted towards federal research and development funding, and investments in foundational computing technologies. 

As the scope of the hacks continues to come to light, Biden’s commitment to cyberinfrastructure remains a top administrative priority. 

“The challenges with Russia may be different than the ones with China, but they are just as real,” Biden said. “It is not about pitting East against West, it’s not about wanting conflict, we want a future where all nations are able to freely determine their own path without a threat of violence or coercion.” 

Cybersecurity

October 22, 2021
by Reece Nations
Commerce Department Tightens Export Controls on Cybersecurity Items

WASHINGTON — The Department of Commerce’s Bureau of Industry and Security announced on Wednesday it would institute new export controls... Read More

WASHINGTON — The Department of Commerce’s Bureau of Industry and Security announced on Wednesday it would institute new export controls over cybersecurity items such as cyber intrusion software that can be used maliciously. The department’s new policy also creates a new license exception for authorized cybersecurity... Read More

October 14, 2021
by Victoria Turner
Cybersecurity Experts Point to More Investment Needed in Detection, Response

WASHINGTON -- If everyone were to employ proper cyber hygiene like multi-factor authentication or not clicking on links in phishing... Read More

WASHINGTON -- If everyone were to employ proper cyber hygiene like multi-factor authentication or not clicking on links in phishing emails, more than 85% of cyberattacks would be prevented, said Sen. Angus King, I-Maine, Thursday.  “The best hack is the one that doesn’t happen,” King said... Read More

October 5, 2021
by Victoria Turner
Cybersecurity Minimum Standards Needed to Keep North America Secure

North American governments should come together to create a trilateral strategy to assess and address threats in a holistic risk-based... Read More

North American governments should come together to create a trilateral strategy to assess and address threats in a holistic risk-based approach to cybersecurity that includes a minimum set of standards, said three experts yesterday. As much as the pandemic has accelerated the rate in which governments... Read More

September 29, 2021
by Victoria Turner
Aspen Cyber Summit Explores Collective Defense in a Digital World

WASHINGTON -- The Cybersecurity Infrastructure and Security Agency has met President Biden’s cybersecurity executive order’s “highly aggressive deadlines so far,”... Read More

WASHINGTON -- The Cybersecurity Infrastructure and Security Agency has met President Biden’s cybersecurity executive order’s “highly aggressive deadlines so far,” but there is “still a lot of work to do,” said CISA Director Jen Easterly Wednesday.  Kicking off the 6th annual Aspen Cyber Summit, Exploring Collective... Read More

September 22, 2021
by Victoria Turner
Identity Authentication Key Piece of Cybersecurity Puzzle

WASHINGTON -- Identity authentication is taking a front-and-center role in the administration's approach to ensuring robust cybersecurity across the U.S.... Read More

WASHINGTON -- Identity authentication is taking a front-and-center role in the administration's approach to ensuring robust cybersecurity across the U.S. government, according to Carole House, director of cybersecurity and secure digital Innovation at the White House National Security Council.  It “sits at the heart of zero... Read More

September 1, 2021
by Tom Ramstack
Executives Advocate for Legislation to Unite Government and Private Cybersecurity

WASHINGTON -- A cybersecurity expert told a congressional panel Wednesday that private industry alone cannot be expected to effectively confront... Read More

WASHINGTON -- A cybersecurity expert told a congressional panel Wednesday that private industry alone cannot be expected to effectively confront the kinds of cyberattacks that have wreaked havoc on U.S. computer networks in recent years. He testified to a House Homeland Security subcommittee as it considers... Read More

News From The Well
scroll top