What Biden Is Doing on the Other Viral Pandemic

COMMENTARY

Memorial Day Weekend will be the first time millions of Americans have traveled in 14 months, signaling the possible end of the COVID-19 pandemic. But another virus, this one causing a cyber- attack on one of the nation’s largest oil and gas pipeline, nearly upended these plans. Long gas lines and high prices led to comparisons of the 1970s oil crisis. But this was not a gas crisis; it was a symptom of the new, ongoing pandemic that is occurring in cyberspace.

This cyber virus is human-made and human-disseminated and can make the United States very ill. Beyond the Colonial Pipeline hack, the past few months saw the largest cyber-espionage attack in history, the tampering of a water treatment facility that could have poisoned thousands, and the disruption of schools and hospitals through ransomware attacks.

Fortunately, unlike the 2020 pandemic under former President Donald Trump, President Joe Biden has taken this cyber virus seriously and acted quickly to better inoculate us from this threat. 

For example, last week, Biden issued an executive order roundly applauded by the cybersecurity community. His executive order strengthens the federal government’s networks and raises the security standards for software that businesses and local governments rely upon. Specifically, this executive order places security standards on software companies that sell products to the government, requires IT companies that work for the government to report when they have been breached, and launches a pilot program to make an “energy star” label that shows if a product was developed securely. Taken together, these measures improve the government’s cyber security and benefit consumers who often use the same products. Quite simply, it makes it much harder for malicious actors to hack into sensitive government or private systems through software companies.  

In addition, Biden called on the Department of Energy to launch a 100-day plan to help electric utilities secure their control systems and supply chain to prevent any disruption of services. Several federal agencies also participated in a privately led task force to develop a series of policy proposals to combat ransomware, like the one that impacted Colonial Pipeline. And, similarly, the Departments of Justice and Homeland Security announced a series of initiatives to further help private and public partners with the scourge of ransomware. For DHS, this is just one of three “sprints” that the Department is undertaking to help their partners. The other two sprints will expand DHS’ workforce so it can be more responsive to its partners’ needs and mobilize resources to assist critical infrastructure partners, like water plants, secure their systems.

To show he is serious, Biden is placing money where his mouth is. Within his first few days of being confirmed, DHS Secretary Alejandro Mayorkas increased the amount of cybersecurity grants awarded to state and locals by at least $25 million. Shortly thereafter, Congress passed President Biden’s American Rescue Plan, which contained nearly $2 billion to secure federal networks, replace outdated federal IT systems, and protect the COVID-19 vaccine supply chain from cyber attacks. And, realizing that $2 billion is just a drop in the bucket compared to the over $1 trillion the global economy has lost to cybercrime since 2018, the President’s American Jobs Plan contains billions of funds that could be used for cybersecurity. This includes $100 billion for securing high-speed broadband, $20 billion for supporting critical infrastructure resiliency, and $650 million for improving DHS’ cybersecurity monitoring and incident response activities, among other initiatives.   

Just as the COVID-19 virus was global, so are cyber viruses, and Biden seems willing to go after the source of this pandemic by condemning and punishing the malicious actors behind these attacks. The Treasury Department issued sweeping sanctions on Russia for their involvement in the SolarWinds attack and meddling in US elections. And shortly after the Colonial Pipeline attack, Biden issued a warning to Russia saying “they have a responsibility to deal with this” due to the criminals operating there. More important, the administration has shown a willingness to disrupt criminal infrastructure used to launch cyberattacks if other countries refuse to take action.  

To be sure, it will take time for these measures to be felt and they are not a silver bullet to this pandemic.  

We have a long way to go. But, with these actions and resources, the U.S. government can build the antibodies to withstand this pandemic, while rooting out the actors who proliferate this virus.   

Michael Garcia is a Senior Policy Advisor in the National Security Program at Third Way, Michael supports the Program’s Cyber Enforcement Initiative in strengthening U.S. law enforcement’s ability to identify, stop, and bring to justice cybercriminals. He brings to the role unique insight in developing policies and legislation at the state and federal levels. You can read his full bio here.