Navigating the Digital Battlefield: The Biden Administration’s Cybersecurity Legacy and the Path Forward

The Biden administration faced an increasingly complex and dangerous cyber threat landscape, marked by sophisticated state-sponsored attacks, the rise of ransomware, and persistent vulnerabilities in critical infrastructure. The administration responded with a series of policies and initiatives aimed at modernizing federal cybersecurity, bolstering critical infrastructure protection, fostering public-private partnerships, tackling the ransomware epidemic, and addressing the cybersecurity workforce shortage. This article examines the Biden administration’s key cybersecurity actions, their impact, and the proposed transition plan for the incoming administration to build upon this foundation and address evolving challenges.

Source: https://eng.auburn.edu/mccrary/pttf

Modernizing the Federal Fortress: Executive Order 14028 and Beyond

Recognizing the need to bolster the government’s own defenses, the Biden administration prioritized modernizing federal cybersecurity. A cornerstone of this effort was Executive Order 14028, “Improving the Nation’s Cybersecurity,” signed on May 12, 2021. This sweeping order mandated a series of security enhancements for federal agencies, emphasizing best practices and a shift towards a more proactive security posture.

Zero trust architecture, a security model that grants no implicit trust based on network location or device ownership, was a central theme of the order. By verifying identity, device posture and authorization explicitly on every request, and by limiting each account to the privileges its role needs, zero trust aims to minimize the impact of breaches and contain lateral movement once a foothold exists inside the network.

Complementing zero trust, the order also pushed for widespread adoption of multi-factor authentication across federal systems. This simple yet effective security measure adds an additional layer of verification beyond passwords, making it significantly more difficult for attackers to gain unauthorized access.
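The two paragraphs above describe the zero trust and MFA principles in the abstract. The following added example (written for this page, not code from the order or any agency) shows what "continuous verification" and "limiting access privileges" mean at the level of a single access decision: a legacy perimeter check that trusts any internal IP, beside a zero-trust policy evaluator that ignores network location and instead checks a verified token, MFA freshness, device posture and a least-privilege role map. The 8-hour MFA window, the role table and the request fields are assumptions for illustration.

```python
"""Zero-trust access decision versus a legacy perimeter check.
Added illustration; the policy values, role map and request fields are assumptions."""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ipaddress
import time

MFA_MAX_AGE_SECONDS = 8 * 3600  # assumed policy: MFA must be re-proven every 8 hours

# Assumed least-privilege role map: role -> {resource: allowed actions}
ROLE_PERMISSIONS = {
    "analyst": {"/api/reports": {"read"}},
    "admin": {"/api/reports": {"read", "write"}, "/api/users": {"read", "write"}},
}


@dataclass
class Request:
    user: str
    role: str
    source_ip: str
    resource: str
    action: str
    token_valid: bool        # signature checked and not expired (assumed done upstream)
    mfa_verified_at: float   # epoch seconds of last successful MFA; 0.0 if never
    device_compliant: bool   # posture verdict from device management (assumed)


def perimeter_decision(req: Request) -> bool:
    """Legacy model: anything on the internal network is trusted. Nothing else is checked."""
    return ipaddress.ip_address(req.source_ip) in ipaddress.ip_network("10.0.0.0/8")


def zero_trust_decision(req: Request, now: Optional[float] = None) -> Tuple[bool, List[str]]:
    """Returns (allowed, reasons_for_denial). Network location is deliberately not consulted."""
    now = time.time() if now is None else now
    reasons: List[str] = []
    if not req.token_valid:
        reasons.append("identity not verified")
    if req.mfa_verified_at == 0.0 or now - req.mfa_verified_at > MFA_MAX_AGE_SECONDS:
        reasons.append("MFA missing or stale")
    if not req.device_compliant:
        reasons.append("device posture non-compliant")
    allowed_actions = ROLE_PERMISSIONS.get(req.role, {}).get(req.resource, set())
    if req.action not in allowed_actions:
        reasons.append(f"role '{req.role}' may not '{req.action}' on {req.resource}")
    return (not reasons, reasons)


def demo(now: float = 1_700_000_000.0) -> dict:
    """Constructed scenarios: an intruder who pivoted to an internal host with a stolen
    session token, and a legitimate analyst working from an external network."""
    intruder = Request(user="svc-backup", role="analyst", source_ip="10.1.2.3",
                       resource="/api/reports", action="read", token_valid=True,
                       mfa_verified_at=0.0, device_compliant=False)
    analyst_read = Request(user="alice", role="analyst", source_ip="203.0.113.7",
                           resource="/api/reports", action="read", token_valid=True,
                           mfa_verified_at=now - 600, device_compliant=True)
    # Same verified analyst trying to exceed her role: lateral movement is contained.
    analyst_write = Request(**{**analyst_read.__dict__, "action": "write"})
    return {
        "intruder_perimeter": perimeter_decision(intruder),
        "intruder_zero_trust": zero_trust_decision(intruder, now),
        "analyst_read": zero_trust_decision(analyst_read, now),
        "analyst_write": zero_trust_decision(analyst_write, now),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The perimeter check passes the intruder because the request comes from an internal address; the zero-trust evaluator denies it twice over (no MFA, unmanaged device) while admitting the analyst from an external network and still refusing her a write she is not entitled to. In a real deployment the token and posture inputs come from the identity provider and device-management system, and the evaluation runs on every request rather than once at login.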

Recognizing the vital role of cloud services in modern government operations, the order directed agencies to accelerate their adoption of secure cloud platforms. This shift not only offers potential efficiency gains but also allows agencies to leverage the advanced security capabilities of established cloud providers.

In addition to these foundational security improvements, Executive Order 14028 also tackled software supply chain security, a weakness laid bare by the SolarWinds compromise, in which a trojanized build of a legitimately signed product was pushed to customers through the vendor's own update channel. The order required software vendors selling to the government to meet specific secure-development standards and to provide transparency about the components and origins of their software, including a software bill of materials (SBOM) listing the components in each product. This approach aimed to reduce the risk of compromised software entering government systems and to make tampering in the supply chain detectable.
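Component transparency only reduces risk if someone checks the delivery against the declaration. The following added example (written for this page, not code from the order, NIST or any vendor) verifies a delivered software bundle against a minimal SBOM-like manifest of component names and SHA-256 digests, reporting tampered, missing and undeclared components. The manifest format, the vendor name and the file contents are constructed stand-ins; real SBOMs use SPDX or CycloneDX and carry far more metadata.

```python
"""Verify a delivered software bundle against a declared component manifest.
Added illustration; manifest format, supplier and file contents are constructed."""
import hashlib
import hmac
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "known-good" build outputs standing in for real binaries.
KNOWN_GOOD: Dict[str, bytes] = {
    "libparse.so": b"ELF libparse 2.3.1 (constructed stand-in for a real binary)",
    "config-loader.py": b"def load(path): ...  # constructed stand-in",
    "vendor/zlib.so": b"ELF zlib 1.3 (constructed stand-in)",
}

# Minimal SBOM-like manifest (assumed shape). In practice this arrives separately
# from the bundle, over an authenticated channel, so a tampered bundle cannot
# simply ship a matching tampered manifest.
MANIFEST = {
    "supplier": "Example Vendor (assumed)",
    "components": [
        {"name": name, "sha256": sha256_hex(data)} for name, data in KNOWN_GOOD.items()
    ],
}


def verify_delivery(manifest: dict, delivered: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Compare every delivered file with the manifest; return findings by category."""
    declared = {c["name"]: c["sha256"] for c in manifest["components"]}
    findings: Dict[str, List[str]] = {"ok": [], "tampered": [], "missing": [], "undeclared": []}
    for name, expected in declared.items():
        if name not in delivered:
            findings["missing"].append(name)
        elif not hmac.compare_digest(sha256_hex(delivered[name]), expected):
            findings["tampered"].append(name)  # content differs from what was declared
        else:
            findings["ok"].append(name)
    for name in delivered:
        if name not in declared:
            findings["undeclared"].append(name)  # shipped but never disclosed
    return findings


def accept(findings: Dict[str, List[str]]) -> bool:
    """Fail closed: any tampered, missing or undeclared component blocks deployment."""
    return not (findings["tampered"] or findings["missing"] or findings["undeclared"])


def demo() -> Dict[str, List[str]]:
    """Constructed delivery with one patched binary, one dropped file and one extra file."""
    delivered = dict(KNOWN_GOOD)
    delivered["libparse.so"] = KNOWN_GOOD["libparse.so"] + b"\x90" * 4   # trailing bytes appended
    del delivered["vendor/zlib.so"]                                        # declared but not shipped
    delivered["vendor/helper.so"] = b"ELF unexpected helper (constructed)" # shipped but undeclared
    return verify_delivery(MANIFEST, delivered)


if __name__ == "__main__":
    result = demo()
    print(result)
    print("accept:", accept(result))
```

The check catches modification, omission and silent additions, but only relative to the manifest. SolarWinds is the reminder of its limit: when the build pipeline itself is compromised, the vendor signs and declares the malicious component in good faith, so hash verification passes. Component transparency therefore has to be paired with the order's other supply chain requirements on how the software is built, not treated as a substitute for them.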

Beyond these preventative measures, the order also focused on enhancing the government’s ability to detect and respond to cyber incidents. Agencies were mandated to report incidents within a set timeframe and adhere to a standardized playbook for incident response. This emphasis on timely reporting and coordinated response aimed to minimize the impact of breaches and improve the government’s overall incident management capabilities.

To further bolster detection and response, the order promoted the use of Endpoint Detection and Response (EDR) tools across federal networks. EDR solutions provide continuous monitoring and threat detection capabilities at the device level, enabling security teams to rapidly identify and respond to malicious activity.

Finally, Executive Order 14028 established the Cyber Safety Review Board, modeled on the National Transportation Safety Board, to independently review significant cyber incidents affecting federal and non-federal systems. The board, composed of cybersecurity experts from both government and the private sector, aimed to provide objective analysis of major breaches and recommend improvements to prevent their recurrence.

Protecting the Nation’s Lifelines: Critical Infrastructure Cybersecurity

Beyond bolstering the federal government’s own defenses, the Biden administration recognized the critical importance of securing the nation’s critical infrastructure. These systems, spanning sectors like energy, water, transportation, and healthcare, are essential for the functioning of society and the economy. Their disruption could have cascading and devastating consequences.

Industrial Control Systems (ICS), the specialized systems that operate critical infrastructure, were a particular focus. These systems, often reliant on legacy technologies and operating in sensitive environments, present unique cybersecurity challenges.

The administration pushed for collaboration between the government and private sector to implement measures to protect these systems. This involved sharing threat intelligence, developing sector-specific security guidelines, and conducting exercises to test incident response capabilities.

The Power of Collaboration: Public-Private Partnerships

Recognizing that the government alone cannot solve the cybersecurity challenge, the Biden administration emphasized the importance of public-private partnerships. These partnerships are essential for sharing threat intelligence, coordinating responses, developing best practices, and leveraging the expertise and resources of both sectors.

Confronting the Ransomware Scourge

The Biden administration faced an escalating ransomware threat, with high-profile attacks like the Colonial Pipeline and JBS Foods incidents highlighting the vulnerability of critical infrastructure and the economic disruption these attacks can cause.

The administration responded with a multi-pronged approach, including:

  • International Counter-Ransomware Initiative: Launched in 2021 with some 30 partner countries and since expanded, this initiative aimed to disrupt ransomware operations through international cooperation, intelligence sharing, and joint actions.
  • Tracing Cryptocurrency Payments: Recognizing the role of cryptocurrency in facilitating ransomware payments, the administration took steps to trace these transactions and disrupt the financial networks that support ransomware groups.
  • Sharing Information on Ransomware Actors: Law enforcement and intelligence agencies worked to collect and share information on ransomware groups, their tactics, and their infrastructure, enabling more effective disruption and prosecution efforts.

Cultivating the Next Generation of Cyber Defenders: Workforce Development

The Biden administration identified the shortage of cybersecurity professionals as a national security concern, recognizing the need for a skilled workforce to defend against evolving threats. The administration launched initiatives to:

  • Expand Training and Certification Programs: Efforts focused on increasing access to high-quality training programs and industry-recognized certifications to equip individuals with the skills needed for cybersecurity roles.
  • Promote Diversity: Recognizing the lack of diversity in the cybersecurity workforce, initiatives aimed to attract individuals from underrepresented groups, broadening the talent pool and bringing diverse perspectives to the field.
  • Develop New Talent Pipelines: Public-private partnerships played a key role in developing new talent pipelines, including apprenticeship programs, internships, and initiatives targeting students at the K-12 level to spark early interest in cybersecurity.

Empowering the Guardians: Strengthening Key Agencies

The Biden administration recognized the need for strong and well-resourced agencies to lead the nation’s cybersecurity efforts. Several agencies were given expanded roles and responsibilities, along with increased funding to support their critical missions.

CISA: The Frontline Defender

The Cybersecurity and Infrastructure Security Agency (CISA), created in 2018, serves as the lead civilian cybersecurity agency, tasked with protecting federal civilian networks and coordinating cybersecurity efforts across the government and with the private sector. The administration leaned on CISA’s expertise in threat analysis, vulnerability management and incident response, and on its role as a trusted advisor to critical infrastructure operators.

ONCD: The Strategic Coordinator

The Office of the National Cyber Director (ONCD) was established through the National Defense Authorization Act for Fiscal Year 2021. This new office was tasked with overseeing and coordinating national cybersecurity policy and strategy across all levels of government. The ONCD’s responsibilities include facilitating interagency collaboration, driving cybersecurity investments across the government, and engaging with the private sector to ensure a unified and comprehensive approach to cybersecurity.

State Department: The Global Advocate

Recognizing that cyber threats transcend national borders, the Biden administration also sought to strengthen the State Department’s role in international cyber diplomacy. This included recommendations for greater investment in the Bureau of Cyberspace and Digital Policy to empower U.S. embassies worldwide to address cyber policy concerns and foster cooperation with international partners.

Streamlining the Cybersecurity Landscape: Regulatory Harmonization

The Biden administration acknowledged the need to harmonize and modernize cybersecurity regulations, recognizing that the existing regulatory landscape was fragmented and sometimes hindered effective security efforts. Key recommendations included:

  • Comprehensive Review: Conducting a thorough review of existing cybersecurity regulations and laws to identify gaps, overlaps, and outdated provisions that no longer effectively address the current threat environment.
  • Streamlining and Coordination: Streamlining regulations across different agencies to reduce complexity and ensure consistency, while also improving coordination between agencies to avoid conflicting or duplicative requirements.
  • Adaptable Cybersecurity Standards: Developing a common set of adaptable cybersecurity standards that can be tailored to the specific needs of different critical infrastructure sectors, providing clear guidance to organizations while allowing for flexibility to address evolving threats.

Bridging the Resource Gap

The Biden administration recognized that effective cybersecurity requires sustained investment and that resource gaps can undermine even the best-intentioned policies. While the administration increased cybersecurity budgets, concerns remained about uneven funding and the need for greater resources for key agencies. This included:

  • Sector Risk Management Agencies (SRMAs): These agencies, responsible for coordinating cybersecurity efforts within specific critical infrastructure sectors, often faced uneven funding that hampered their ability to effectively engage with critical infrastructure owners and operators.
  • National Institute of Standards and Technology (NIST): NIST plays a crucial role in developing cybersecurity guidelines and standards that are widely adopted by both the public and private sectors. However, budget limitations hindered NIST’s ability to fully support these efforts and keep pace with the rapidly evolving threat landscape.

Ensuring Continuity in the Face of Disruption: The COTE Plan

The Biden administration also highlighted the need for a national Continuity of the Economy (COTE) plan to ensure the resilience of critical economic functions in the event of significant cyber disruptions. A COTE plan would outline strategies for maintaining essential services, coordinating response efforts, and recovering from major cyber incidents that could impact the nation’s economic stability.

While the FY21 National Defense Authorization Act (NDAA) authorized the development of a COTE plan, the administration’s initial report to Congress in August 2023 downplayed the need for additional planning, drawing criticism from cybersecurity experts who emphasized the importance of a robust and comprehensive COTE plan involving both public and private sector stakeholders.

The Transition Plan: Recommendations for the Incoming Administration

As the Biden administration’s term came to a close, a bipartisan task force of former federal officials and cybersecurity experts released a comprehensive report outlining recommendations for the incoming administration. This report, intended to be a roadmap for strengthening U.S. cybersecurity regardless of who takes office, provides a set of actionable recommendations to build upon the Biden administration’s legacy and address evolving challenges.

Unifying the Regulatory Landscape

The report highlights the need to address the fragmented and sometimes outdated cybersecurity regulatory landscape. Key recommendations include:

  • Comprehensive Review: Conducting a thorough review of existing cybersecurity-related statutes and regulations to identify inconsistencies, gaps, and outdated definitions that hinder effective cybersecurity efforts.
  • Synchronization of Authorities: Synchronizing authorities across different government titles and agencies to enable more effective coordination between military, intelligence, and law enforcement agencies in cyberspace operations.
  • Modernizing Legislation: Proposing new legislation to address identified gaps, particularly in areas where existing laws struggle to keep pace with rapidly evolving technology and threats.

Strengthening National Multi-Stakeholder Collaboration

The report emphasizes the importance of collaboration between government agencies, the private sector, and other stakeholders in addressing cybersecurity challenges. Key recommendations include:

  • Enhancing the Role of ONCD: Strengthening the Office of the National Cyber Director’s role and authorities to effectively coordinate cyber incident response, drive interagency coordination, and influence budget allocations for cybersecurity initiatives across agencies.
  • Strengthening CISA: Strengthening CISA’s capabilities and mandate, clarifying its responsibilities, and providing it with sufficient resources to fulfill its role as the national coordinator for critical infrastructure security and resilience.
  • Operationalizing Public-Private Partnerships: Establishing co-managed risk and resilience organizations, developing secure information-sharing platforms, and integrating private sector companies more effectively into coordinated cyber incident response efforts.
  • Strengthening Intelligence Sharing: Enhancing mechanisms for sharing classified threat intelligence with cleared private sector leaders, particularly in critical infrastructure sectors, and developing clear processes for rapidly downgrading and declassifying actionable threat intelligence during cyber incidents.

Deterrence and Cost Imposition in Cyberspace

The report calls for a shift from a purely defensive posture to one that imposes real costs on cyber adversaries and deters malicious activity. Key recommendations include:

  • Developing a Comprehensive System for Critical Asset Identification and Prioritization: Establishing clear criteria and processes for identifying and prioritizing critical assets, ensuring that resources and efforts are focused on protecting the most vital systems.
  • Enhancing Operational Capabilities through Campaign Plans and Playbooks: Developing detailed and adaptable playbooks for responding to various cyber incidents and adversary actions, as well as creating campaign plans for persistent engagement with specific adversaries.
  • Designating State Sponsors of Cybercrime: Establishing a formal process for designating nations as state sponsors of cybercrime, similar to the existing state sponsors of terrorism list, holding accountable nations that support or harbor cybercriminals.

Building a Robust Cybersecurity Workforce

The report recognizes the critical importance of addressing the cybersecurity workforce shortage and building a pipeline of skilled professionals. Key recommendations include:

  • Developing a National K-12 Cybersecurity Curriculum: Introducing students to key cybersecurity concepts and skills early on, fostering interest in the field, and preparing them for future careers in cybersecurity.
  • Expanding Existing Programs: Expanding programs such as CyberCorps: Scholarship for Service and the National Centers of Academic Excellence in Cybersecurity to cover a wider range of cybersecurity specialties and educational levels.
  • Creating a Flexible Volunteer System: Creating a Cyber Civilian Response Corps, allowing cybersecurity professionals to contribute their skills during crises or specific projects.
  • Implementing Flexible Employment Arrangements: Implementing policies that allow for more flexible employment arrangements, such as part-time government service or short-term assignments for private sector experts.

Safeguarding Critical and Emerging Technologies

The report underscores the importance of securing critical and emerging technologies, such as artificial intelligence, quantum computing, and advanced semiconductors, to maintain U.S. leadership in these areas while mitigating associated cybersecurity risks. Key recommendations include:

  • Evolving and Unifying National Lists for Critical and Emerging Technologies: Creating a unified national list of critical and emerging technologies and prohibited entities to streamline oversight and ensure consistency in identifying and protecting these technologies.
  • Enhancing Supply Chain Security: Implementing measures to enhance supply chain security for critical technologies, reducing the risk of compromise or disruption.
  • Developing a Quantum-Safe Cryptography Transition Plan: Developing a comprehensive plan for transitioning government systems and critical infrastructure to quantum-safe cryptography, addressing vulnerabilities to potential quantum computing attacks.

First 100 Days

Here are five steps recommended for the incoming administration to undertake in the first 100 days:

  • Establish a high-level task force to begin regulatory harmonization: This should be a whole-of-government effort led by the National Cyber Director with clear deadlines and accountability.
  • Initiate a comprehensive review of our national cybersecurity strategy: The review should focus on enhancing deterrence and cost-imposition capabilities.
  • Launch a national initiative to address the cybersecurity workforce shortage: Immediate steps should include expanding training programs and creating new pathways into the field.
  • Convene a summit of industry leaders: This summit should focus on strengthening public-private partnerships and developing plans for enhancing critical infrastructure security.
  • Begin developing a national Continuity of the Economy plan: The plan should ensure the nation’s ability to maintain essential economic functions during significant cyber disruptions.

The full report, written by former federal officials from the last five presidential administrations, contains roughly 40 recommendations; the five steps above are the ones it singles out for the first 100 days.

Resources, Economy, and Continuity

The report stresses the need for adequate resources to support cybersecurity efforts and ensure the continuity of the economy during significant cyber disruptions. Key recommendations include:

  • Significantly Increasing Budget and Resources for SRMAs: Providing SRMAs with sufficient funding to effectively coordinate cybersecurity efforts within their respective sectors and support critical infrastructure owners and operators.
  • Enhancing NIST Funding: Increasing funding for NIST to support its critical work in developing cybersecurity standards and guidelines, ensuring the institute can keep pace with the evolving threat landscape and meet the needs of both the public and private sectors.
  • Conducting Robust Continuity of the Economy Planning: Developing a comprehensive national COTE plan to ensure the nation’s ability to maintain essential economic functions in the face of significant cyber disruptions, involving robust cyber threat intelligence, national-level tabletop exercises, and engagement with private sector and critical infrastructure stakeholders.

A Call to Action: Securing America’s Digital Future

The Biden administration made significant strides in strengthening U.S. cybersecurity, recognizing the escalating threat and taking steps to modernize federal systems, bolster critical infrastructure protection, foster public-private partnerships, combat ransomware, and address the cybersecurity workforce shortage. However, the cyber threat landscape is constantly evolving, requiring sustained commitment and ongoing adaptation.

The transition plan outlined in the bipartisan task force report provides a roadmap for the incoming administration to build upon the Biden administration’s progress and tackle the challenges ahead. Implementing these recommendations will require a whole-of-nation approach, involving collaboration across government agencies, the private sector, academia, and international partners.

Securing America’s digital future is not a partisan issue; it is a national imperative that requires a unified and sustained effort to protect our economy, national security, and way of life. By embracing the recommendations outlined in the transition plan and fostering a culture of cybersecurity across all levels of society, the United States can position itself to effectively navigate the digital battlefield and build a more secure and resilient future.
