How Will Biden Administration Tackle Cybersecurity?Security Experts Call for Greater Cyber Deterrence, Spending, Partnerships
In less than a month, President-elect Joe Biden will be sworn into office and immediately confront a list of cybersecurity problems ranging from a now-leaderless Cybersecurity and Infrastructure Security Agency to the SolarWinds breach, which affected large portions of the federal government and private industry.
See Also: Account Takeover Goes Mobile
Before the election, Biden spoke generally about how his approach to foreign policy, such as rebuilding alliances with European allies, and how a more direct approach to Russia would shape not only national security in his administration but cybersecurity, as well (see: What a Joe Biden Presidency Means for Cybersecurity).
On Monday, post-SolarWinds, Biden took a much more direct approach to cybersecurity, noting that the U.S. risks falling behind countries such as China and Russia.
"We're still learning about the extent of the SolarWinds attack and the vulnerabilities that have been exposed," Biden said. "This attack constitutes a grave risk for national security. We need to close the gap between where our capabilities are now and where they need to be better to deter, detect, disrupt and respond to those sorts of intrusions in the future."
While Biden and his transition team have not yet released specific cybersecurity policies, he recently noted that it "may take billions of dollars to secure our cyberspace," over the next several years and that those who were responsible for the SolarWinds hack "can be assured that we will respond and probably respond in kind."
Besides SolarWinds, the new Biden administration will face a host of other issues, including CISA, which has seen its leadership hollowed out following the post-election firing of former Director Christopher Krebs.
Cybersecurity experts and analysts agree that how Biden and his administration address these issues in the first critical weeks is likely to set the tone for the next four years, as the nation faces several security obstacles both foreign and domestic. Their suggestions range from filling key leadership spots, such as the CISA director, to confronting overseas adversaries to building deeper relationships with the private sector.
As the events surrounding the SolarWinds breach continue to unfold, how the Biden administration responds during its first few weeks will likely shape a large portion of the White House's cybersecurity policy going forward, says Phil Reitinger, president and CEO of the Global Cyber Alliance, and the former director of the National Cybersecurity Center within the Department of Homeland Security.
"It likely goes without saying that the response to the SolarWinds hack, both to contain and to remediate the immediate consequences and then to address the vulnerabilities demonstrated, will be a very high priority," Reitinger tells Information Security Media Group. "And a big question will be how the new administration wants to do that remediation. Will there be significant architecture changes?"
Reitinger notes that, while Biden and his incoming team are likely to address some of these issues by talking about increasing budgets for agencies such as CISA and strengthening partnerships, the response to SolarWinds will be crucial to the four years that will follow. This likely means Biden and Vice President-elect Kamala Harris will take a much more hands-on approach to security.
"The most important step the president-elect mentioned was to 'elevate cybersecurity as an imperative across the government.' It is beyond question that the most critical factor in cybersecurity is executive leadership, and so I would expect that both the president-elect and vice president-elect would be personally involved in leading cybersecurity efforts and work closely with appointed cybersecurity leaders," Reitinger says.
As both a candidate and the president-elect, Biden said he plans to break with the Trump administration's isolationist views and distrust of global agreements, and seek to rebuild relationships with other elected officials and governments around the world (see: Biden's Cybersecurity Mission: Regain Momentum).
Beyond lining up international coalitions to address these issues, Greg Touhill, a retired U.S. brigadier general who served as the country's first federal CISO, says he would urge the Biden administration to show nation-states that sponsor this type of hacking that the U.S. is ready to deter these attacks even before they happen.
"We need to have a more credible deterrent posture, and what we've been communicating - but maybe not well enough - is that the United States of America will use all tools in its toolkit to deter and defend against cyberattacks," Touhill, who's now CEO of Appgate Federal, says. "And, you know, the instruments of power in the United States are very potent: We have diplomatic, we have economic, we have political and we have military."
Beyond international agreements, retired General Keith Alexander, who led both U.S. Cyber Command and the National Security Agency, believes the Biden administration needs to fully embrace partnerships with private sector companies to share intelligence and best practices when confronting threats as profound as SolarWinds (see: Ex-NSA Director: SolarWinds Breach Is 'A Call for Action').
"We need to work together - one team for the good of our country," Alexander, who is now CEO of IronNet Cybersecurity, told ISMG in a previous interview. "I think there's that part, and then incentivize the sharing between the public and private sector. When I was in government, we put together something called the Enduring Security Framework. And while you can't bring everybody into a classified discussion, you can talk to key leaders from the industry. And you can show them what's going on so that they have an understanding and they can hear the intelligence resources and methods of information, but they also know that we're not hyping the threat."
While the Biden transition team has not officially named its choice to lead CISA and some other key cybersecurity agencies, the president-elect has picked two former Obama White House officials to lead the Department of Homeland Security and the Office of Director of National Intelligence, which each have vast oversight over the nation's cybersecurity response and policy (see: Biden Reveals Picks to Head DHS, Intelligence).
Biden has tapped Alejandro Mayorkas as his secretary of homeland security and Avril Haines as director of national intelligence.
Tom Kellermann, who served as a cybersecurity adviser to former President Barack Obama and is now the head of cybersecurity strategy at VMware, believes that, beyond these top-level positions at DHS and ODNI, the Biden administration can strengthen cybersecurity at other levels, as well. This includes bringing back the assistant secretary for cyber coordination at the State Department and reestablishing the national cyber director within the White House, which lawmakers from both parties have been urging (see: Defense Bill Would Restore White House Cybersecurity Post).
Looking beyond these agencies, Kellermann also advocates for moving the U.S. Secret Service from Homeland Security back to its original home at Treasury to better help investigate financial cybercrimes as well as the hacking of critical infrastructure. He also urges the Biden team to put more money into the threat hunting capabilities offered by agencies such as CISA.
"They should increase funding and authorities for CISA, and one such authority should be to expand threat hunting to critical infrastructure," Kellermann tells ISMG. "The Biden administration should also authorize Cyber Command to degrade and disrupt nation-state cyber campaigns."
Mike Hamilton, former vice chairman of the DHS State, Local, Tribal, and Territorial Government Coordinating Council and current CISO at CI Security, also believes the Biden administration can address cyberthreats such as the SolarWinds breach by reestablishing the White House-level cyber coordinator position and empowering that office to ensure that government agencies are following strict security guidelines.
"Bring on a cyber czar or equivalent to enforce policies consistently across federal agencies, but also as an advocate for a focus on security nationally across public and private sectors," Hamilton tells ISMG. "This individual should immediately revoke the policy of ‘de minimis’ use for federal employees and cut the federal attack surface by 40%."
While the issue of SolarWinds and the potential that a nation-state carried out the attack has put a focus on threats from the outside, the Biden administration is also likely to confront a host of domestic issues, as well. For Scott Shackelford, chair of Indiana University's cybersecurity program, this means confronting cyberthreats such as ransomware, which have affected state and local communities and caused millions in damage (see: More Ransomware-as-a-Service Operations Seek Affiliates).
"Given the ongoing pandemic and the fact that we are living an increasing percentage of our personal and professional lives online, the targets for cybercriminals and adversarial nation-states have only multiplied," Shackelford says. "We have seen that play out especially in the ransomware context with double-digit percentage increases in the number of these attacks over the past year. Going forward, it will be imperative for the incoming Biden administration to craft a coordinated federal response to this ongoing cyber epidemic which is causing local governments to spend ever more on recovery at a time when their budgets are already strapped, with potentially worse to come."