On Monday, March 21, 2022, President Biden issued a statement “reiterating [prior] warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks” against the United States in “response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners” for Russia’s actions in Ukraine.

He notes that the Biden administration “will continue to use every tool to deter, disrupt, and if necessary, respond to cyberattacks against critical infrastructure,” but that the government “can’t defend against this threat alone” and needs “the private sector and critical infrastructure owners and operators [to] accelerate efforts to lock their digital doors.”

He further urged “private sector partners to harden . . . cyber defenses immediately by implementing the best practices [the administration and partners] have developed together over the last year.” This “Shields Up” guidance is available here.

A related Fact Sheet “urge[s] companies to execute [various] steps with urgency,” including:

• Mandating multi-factor authentication to make it harder for attackers to access systems.
• Deploying modern security tools to continuously look for and mitigate threats.
• Patching and protecting systems against known vulnerabilities and changing passwords to make “previously stolen credentials . . . useless to malicious actors.”
• Backing up data and making sure offline back-ups are “beyond the reach of malicious actors.”
• Practicing emergency plans to ensure quick response to and recovery from an attack.
• Encrypting data so it cannot be used if stolen.
• Educating staff on common tactics attackers use and encouraging reporting of “unusual behavior” on systems, such as “unusual crashes or operating very slowly.”
• Engaging proactively with the FBI and/or Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) “to establish relationships in advance of any cyber incidents.”

Together, Biden notes, companies in the private sector “have the power, the capacity, and the responsibility to strengthen the cybersecurity and resilience of the critical services and technologies on which Americans rely.” He urges “everyone to do their part to meet one of the defining threats of our time,” noting that “vigilance and urgency today can prevent or mitigate attacks tomorrow.”

CISA Director Jen Easterly added that President Biden’s statement “reinforces the urgent need for all organizations, large and small, to act now to protect themselves against malicious cyber activity.” She said that CISA, “[a]s the nation’s cyber defense agency, . . . has been actively working with critical infrastructure entities to rapidly share information and mitigation guidance that will help them protect their systems” and “will continue working closely with . . . federal and industry partners to monitor the threat environment 24/7 and . . . stand ready to help organizations respond to and recover from cyberattacks.”