As Cyberattacks Surge, Biden Is Seeking To Mount A Better Defense

President Biden received no grace period when it came to cyber hacks.

"The cyber pressures that this administration has faced so far have been relentless," said April Falcon Doss, a former National Security Agency official who now heads a technology program at the Georgetown University Law Center.

As the cyber breaches pile up, cyber experts say it's important to note the country is facing two distinct threats.

"There clearly is a dividing line between cyber hacks for intelligence gathering purposes, and these ransomware attacks that are designed principally for financial benefit," said Glenn Gerstell, a senior NSA official before stepping down last year.

On one side of that line is the SolarWinds attack uncovered last December. The Biden administration says this was primarily an intelligence gathering operation carried out by Russia's foreign intelligence service, the SVR, which was quietly stealing U.S. government secrets for months.

On the other side is ransomware, which is surging. Russian criminal gangs are blamed for both the Colonial Pipeline attack that hit gasoline supplies on the East Coast of the U.S. in May, and this week's hack that briefly shut down the world's largest meat supplier, JBS.

These duel threats require different responses, Gerstell said. But he's quick to add, "Both the intelligence attacks and some of the most significant ransomware attacks have one thing in common, and that's Russia."

Upcoming summit

Biden says he'll raise the cyber intrusions with Russian leader Vladimir Putin at a June 16 summit in Geneva, Switzerland.

Despite all the evidence pointing to Russia, Putin denies Russian involvement in the intelligence hacks, and shrugs his shoulders when asked about the ransomware attacks attributed to criminals based in Russia.

Gerstell says the U.S. shouldn't accept this answer.

"It's almost impossible to believe that a major criminal gang would operate inside of Russia, and have real world effects in the United States, and Putin wouldn't know about it," he says. I think it's pretty clear that these criminal gangs operate either with the express approval of the Kremlin or at least the Kremlin is turning a blind eye to them."

FBI Director Christopher Wray told The Wall Street Journal in a story published Friday that the bureau is investigating about 100 types of ransomware, many linked to Russia.

The Justice Department, meanwhile, now says that it will pursue ransomware cases in a manner similar to the way it investigates terrorism.

In addition to Russia, China is the other leading threat. The Chinese focus has generally been on stealing cutting-edge U.S. technology in fields that include quantum computing, artificial intelligence, bio-medicine, renewable energy and electric cars.

President's plan

Last month, Biden laid out his cyber strategy in a detailed executive order. April Falcon Doss says it's a good start.

"There are many departments and agencies across government that really have cybersecurity postures that lag behind where they should be," she says.

While Biden can set the standards for securing government computer networks, he's much more limited when it comes to ransomware and the private sector.

"The government won't be able to actively protect the private sector from any possible ransomware attack because, thankfully, the government doesn't control the Internet. We wouldn't want that," Doss says.

Protecting the private sector falls to people like Adam Meyers, senior vice president for intelligence at the cybersecurity firm CrowdStrike.

"These companies can't put their head in the sand and hope it's not going to happen to them," Meyers says. "The only way to prevent this from happening is to improve your security posture. And these are concepts we've been talking about since I was a teenager."

Meyers says too many companies aren't keeping their cyberdefenses up-to-date. He cites the attack on the meat company, JBS, carried out with malware known as REvil. Meyers knows it well, but says many potential victims don't.

"I guarantee, lots of organizations in the food processing world right now are Googling, 'What is REvil?' " he says. "If you need to look it up when it's happening, you're in a real bad spot."

How bad? Well, consider what the current ransom demand is for an attack on a large company.

"I see the payments going out, and the payments are just stomach-churning figures: two, four, eight, 10, 30 million dollars."

It's a price he believes many more companies will have to pay.

Greg Myre is an NPR national security correspondent. Follow him @gregmyre1.