President Biden telling the private sector it is responsible for its own defense against Russian cyberattacks has drawn critics who counter that fighting off a hostile nation is the federal government’s job.
Mr. Biden this week reiterated the government’s warnings that Russia could launch cyberattacks on US companies and cited “evolving intelligence” about the Russian government’s plans. On Monday evening, the president followed up with a tweet telling businesses about his view of their duty to defend against Russia.
“The federal government is doing its part to get ready for potential Russian cyberattacks,” Mr. Biden tweeted. “We are prepared to help private sector companies with tools and expertise, but it is your decision as to the steps you’ll take and your responsibility to take them.”
The president’s message left many Americans wondering if he meant the government is letting go of leadership on cybersecurity.
“Chief among the limited powers the people have ceded to the federal government is the provision for national defense,” tweeted CatholicVote, a right-leaning advocacy group. “You’re on your own is not acceptable.”
The Biden administration’s lead domestic cyber agency on Tuesday sought to clear up some of the confusion. Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, took to Twitter to better define the government and industry’s roles for cybersecurity.
“Cyber defense of the nation is a collective responsibility,” Ms. Easterly tweeted. “As the nation’s cyber defense agency, @CISAgov will continue working closely with our fed & industry partners to monitor the threat environment 24/7 & rapidly share actionable information & mitigation guidance.”
Ms. Easterly also urged people to report cyber incidents to her agency and added, “We’re in this together & we’re (truly!) here to help.”
CISA has taken a lead role in the Biden administration in forming new partnerships with the private sector to defend against hackers and attackers. The administration created the Joint Cyber Defense Collaborative that partners federal agencies with private businesses to defend against cyber threats.
Mr. Biden’s Monday messages on the potential for Russian cyberattacks and the limits of the government’s responsibility stand in stark contrast to his previous comments about defending American critical infrastructure and making it off-limits to Russian cyberattackers.
In June 2021, Mr. Biden told Russian President Vladimir Putin that several industry sectors were out of bounds for cyberattacks, including healthcare, energy, and the financial services sector, among others.
The onslaught of ransomware attacks and hacks hitting businesses did not stop after Mr. Biden’s ultimatum to Mr. Putin and Russia‘s invasion of Ukraine has spread fear that more damage to America is forthcoming.
Former Rep. Mike Rogers, Michigan Republican who chaired the House Intelligence Committee from 2011 to 2015, said the US needs to lead on cybersecurity issues involving things like public-private information sharing and cyber insurance instead of making “empty statements.”
“We’re leaving the private sector to defend itself against the cyber threats from Russia and China,” Mr. Rogers said in a statement. “Think about that — it’s as if we are expecting banks, power companies, healthcare providers, manufacturing firms, and others to defend against bomber attacks.”
Federal and state officials are concerned about Mr. Biden’s warnings too. Maryland Gov. Larry Hogan said Tuesday that his state is focused on cyber threats from Russia and believes Mr. Putin will look to retaliate against America for imposing sanctions.
“I think we’re doing everything that anyone can think of to keep us safe,” Mr. Hogan, a Republican, told CNBC. “I think businesses are doing it, local and state governments and the federal government, all of our security agencies, are working on it but I’m not convinced that they won’t be able to get through.”