President-elect Joe Biden on Thursday vowed to elevate cybersecurity as an “imperative” when he takes office and said he would not “stand idly by” in the face of cyberattacks following a massive breach that impacted the U.S. government.
“I want to be clear: My administration will make cybersecurity a top priority at every level of government — and we will make dealing with this breach a top priority from the moment we take office,” Biden said in a statement. “We will elevate cybersecurity as an imperative across the government, further strengthen partnerships with the private sector, and expand our investment in the infrastructure and people we need to defend against malicious cyberattacks.”
Biden said that his administration would impose “substantial costs” on individuals responsible for malicious cyberattacks in order to deter such activity.
“Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation,” Biden said.
Earlier this week, it was revealed that foreign hackers breached a Texas-based third-party IT provider, SolarWinds, which has various clients across government and the private sector. The hackers are said to have breached some government agencies, including the Treasury, Homeland Security and Commerce departments.
The Washington Post reported that U.S. officials believe Russian government hackers are behind the cyberattack.
Sen. Richard Blumenthal (D-Conn.) appeared to confirm Russia was involved after a classified Senate Armed Services Committee briefing this week, tweeting that the attack was “stunning” and that “Americans deserve to know what is going on.”
Capitol Hill has scrambled to respond to the breach, which may have involved the hackers having access to government systems since as early as March.
It is unclear what they have had access to during this time, with other customers of SolarWinds including most of the federal government and the majority of the U.S. Fortune 500 companies. SolarWinds wrote in a filing to the Securities and Exchange Commission this week that they estimated about 18,000 customers were affected.
Biden said Thursday that his transition team has been briefed on the findings by career officials. Biden’s transition team was afforded access to federal agencies and resources in late November, after the General Services Administration acknowledged him as the apparent winner of the presidential election following weeks of delay. Biden also receives the President’s Daily Brief, a daily written intelligence summary document provided to President Trump.
Cybersecurity has been a significant challenge for consecutive administrations as hackers, foreign and domestic, increasingly look to use their capabilities for financial gain or other motivations.
Trump has been criticized for some of his rhetoric and decisions on cybersecurity. Trump was subject to scrutiny when he cast doubt on the intelligence community’s assessment that Russia interfered in the 2016 election by hacking and other means to hurt Democrat Hillary Clinton’s candidacy and help Trump’s.
Trump’s National Security Council also eliminated the role of cybersecurity coordinator in 2018, when John Bolton took over as national security adviser, and the State Department’s cybersecurity office was closed in 2017.
The nation state infiltration of systems was also made public a month after Trump fired Christopher Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA). Three other top CISA officials were forced out by the White House due to the agency’s efforts to rebut disinformation and misinformation around the security of the recent election.
CISA on Sunday moved quickly to respond to the breach, discovered after cybersecurity group FireEye was breached by the same group last week, with CISA ordering all federal agencies to immediately disconnect from or shutdown systems running SolarWinds software.