Biden directs national security agencies to strengthen their digital defenses
President Joe Biden on Wednesday signed a national security memorandum aimed at strengthening the cybersecurity of networks used in the country’s national defense, as the administration issues warnings of potential digital strikes by Russian hackers over the escalating crisis in Ukraine.
The 17-page document specifies how the national security systems and networks utilized by the Defense Department and the U.S. intelligence community must meet the same standards that were laid out for civilian federal agencies and contractors under last year’s sweeping executive order, which was issued in the wake of the SolarWinds espionage campaign and the ransomware attack on the Colonial Pipeline.
“Modernizing our cybersecurity defenses and protecting all federal networks is a priority for the Biden Administration, and this National Security Memorandum raises the bar for the cybersecurity of our most sensitive systems,” the White House said in a fact sheet accompanying the new document.
The memorandum gives the National Security Agency — the country’s premier digital spy agency — some of the regulatory powers that were bestowed upon the Homeland Security Department and its Cybersecurity and Infrastructure Security Agency (CISA) by the May 2021 directive.
Under the new memorandum, the Pentagon and the 18-member clandestine community would be required to identify their national security systems and report any cyber incidents to the NSA, which is already the “national manager” for the federal government’s classified systems.
The document authorizes the nation's top electronic spy agency to draw up binding operational directives — similar to the kind issued last November by CISA — that mandate agencies take specific actions against known or suspected cybersecurity vulnerabilities. It also directs NSA and DHS to share their work with each other and determine if any of the requirements hashed out by one can be adopted by the other.
The memo was issued as the Biden administration has warned of possible blowback from Russian cybercriminals over the deteriorating security situation in Ukraine, with Moscow preparing another possible military offensive into its neighbor, a former Soviet satellite state.
Last week, CISA, the FBI and the NSA issued a joint alert to critical infrastructure operators about threats from Russian state-sponsored hackers. On Tuesday, CISA told U.S. businesses and others working with Ukrainian organizations to “take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.”
Ukraine itself was struck by a cyberattack last week that warned Ukrainians to "be afraid and expect the worst." Ten Ukrainian government websites were defaced after hackers compromised the IT systems of a government contractor responsible for managing the impacted servers. In addition, tech giant Microsoft observed a malware attack on Ukraine that “is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom.”
The malicious digital campaign represents “an elevated risk to any government agency, non-profit or enterprise located or with systems in Ukraine,” the company warned.
Ukrainian officials have said they suspect Moscow is behind the attacks.
Similar to last year’s executive order, the national security memorandum sets deadlines for a number of different actions and reports to track how agencies are identifying and filling security gaps.
The memo requires agencies to secure so-called “cross domain solutions,” tools that move data between classified and unclassified systems. Agencies must inventory their tools and the NSA to establish security standards and testing requirements for such systems.
The document also requires agencies to deploy multi-factor authentication and implement a revamp of their networks based on zero-trust, which assumes that hackers are already inside a network and emphasizes stopping them from jumping to other systems.
Martin Matishak
is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.