The Washington Post | Democracy Dies in Darkness

Opinion: An undeclared war is breaking out in cyberspace. The Biden administration is fighting back.

The National Security Agency campus in Fort Meade, Md. (Patrick Semansky/AP)

If you go to the website of the National Security Agency and scroll down half a page, you’ll come to a link for what the NSA calls its “Cybersecurity Collaboration Center” for sharing ideas with tech companies about stopping malware attacks.

That openness is a clear indication of how bad the cyber threat has become. The Biden administration has decided that the danger of cyberattacks from Russia, China and other nations is so serious that it is mobilizing all parts of the government, including an organization once so secretive it was known as “No Such Agency.”

This is personal for President Biden and his national security adviser, Jake Sullivan. They believed the Trump administration had adopted a “laissez-faire” attitude toward what was becoming an undeclared war in cyberspace. Colleagues say Sullivan began focusing on the issue in late November, during the transition. “He’s as involved in this as anything in his portfolio,” says one senior administration official.

Cyberattacks on U.S. targets have, if anything, escalated since Biden took office. A ransomware assault by Russian hackers in May crippled the Colonial Pipeline; China’s spy service in March breached the Microsoft Exchange Server software used by many thousands of companies.

Follow David Ignatius's opinions

But the United States at least appears to be fighting back. Over the past seven months, Biden has taken a series of actions, often with little fanfare, to mobilize a response across the government and private sector. It’s led by NSA veteran Anne Neuberger, who served there for 10 years, most recently as director of cybersecurity, before Sullivan recruited her to the White House as a deputy national security adviser.

The countermeasures sound bureaucratic, but they have teeth. A May executive order mandated better commercial security standards within six months and created a Cyber Safety Review Board to assess malware attacks the way the National Transportation Safety Board investigates air crashes. The White House is responding to breaches with a “Unified Coordination Group” that includes private companies as well as government agencies. The NSA, FBI and Department of Homeland Security are issuing a string of public advisories explaining how to reduce vulnerabilities, such as securing wireless devices in public places.

Russia is a special threat. Biden warned President Vladimir Putin about cyberattacks in their June summit meeting in Geneva and demanded that Russia pursue criminal hackers operating within its territory. He also proposed an agreement that 16 areas of vital infrastructure should be “off limits” to attack, the way hospitals are under the Geneva Conventions.

Russian actions are hard to judge, but the Kremlin appears to have responded favorably. Two weeks after the summit, Alexander Bortnikov, the head of Russia’s FSB security agency, said in Moscow: “We will work together [on locating hackers] and hope for reciprocity.”

The NSA and other intelligence agencies have also given a public hint of U.S. retaliatory capabilities. Two weeks after Colonial Pipeline paid a ransom of 75 bitcoin to a Russian hacking group called DarkSide, the Justice Department announced it had seized about 64 bitcoin, worth about $2.3 million, from a hidden cryptocurrency wallet.

“The private key for the Subject Address is in the possession of the FBI,” said an affidavit revealed June 7. That’s the law enforcement equivalent of hacker slang boasting: “We pwned you.”

“The recovery of the Bitcoin ransom has been an excellent move that should have happened far earlier and far more often and should be repeated,” argued Jean-Louis Gergorin, a French cybersecurity expert. He also said he was “convinced” that the FSB’s Bortnikov has curbed some Russian ransomware attacks as part of “some kind of implicit mutual restraint agreement between Russia and the United States.”

China’s recent cyberattacks have been as brazen as Russia’s. Microsoft revealed in March that the security of its widely used Exchange software had been breached, compromising tens of thousands of networks worldwide. In July, the Biden administration revealed that this devastating hack was organized by China’s Ministry of State Security, working through a network of criminal contract hackers. Joining this startling attribution of Chinese “irresponsible behavior” were the European Union, Britain and NATO.

As the Exchange hack illustrated, a low-level cyberwar is being fought on terrain that is largely private. Part of the Biden administration’s response has been to work more closely with technology companies to respond better to attacks — and prevent new ones. After the Exchange breach, the White House connected with Microsoft President Brad Smith, and the company quickly developed a patch for vulnerable software.

And the invisible gremlins at the National Security Agency? They joined other intelligence agencies in publishing 31 detailed pages explaining the tactics, techniques and procedures the Chinese were using to get inside private networks. “The Fort,” as NSA headquarters at Fort Meade is known, doesn’t seem to be a closed bunker anymore.