News

White House: Harden Infrastructure Security Now

U.S. "critical infrastructure" operators should "harden their cyberdefenses immediately" against possible Russian attacks, per a warning by The Biden White House this week.

The message was a repeat warning from similar White House communications back in November, presaging Russia's attack on the Ukraine. However, now "evolving intelligence" is suggesting that "the Russian Government is exploring options for potential cyberattacks" on U.S. infrastructure, the March 21 White House statement indicated.

Steps To Take
The security hardening steps organizations should observe are summarized in this "Fact Sheet" statement that accompanied the White House warning.

In short, the White House wants organizations to use "multifactor authentication," a secondary means of verifying identity beside a user name and password, although organizations should avoid misconfigurations. Network systems should be patched and protected. Organizations should use tools to detect and address threats.

Organizations also should have "offline backup" systems in place that can't be reached by attackers. Data should be encrypted to make it useless to attackers.

Drills should be conducted to test emergency response plans in organizations should an attack happen. Employees should be educated on common attack methods that can occur via e-mail or Web sites.

Organizations should reference CISA and FBI Web sites for technical information and resources.

The White House "Fact Sheet" also appealed to software makers to build security into their products from the beginning. They should isolate the systems on which their software is built to prevent tampering, and use automated code-review tools to detect and fix vulnerabilities. Software makers should also use a "software bill of materials" to keep track of the software components they use, including open source code.

Private Sector Ownership
The White House made its appeal to critical infrastructure operators, such as pipeline, water and electricity utility operators, with the understanding that a lot of that infrastructure isn't wholly under federal government control.

"Most of America's critical infrastructure is owned and operated by the private sector and critical infrastructure owners and operators must accelerate efforts to lock their digital doors," the statement indicated.

The White House appeal has precedent. In May of last year, privately owned Colonial Pipeline's operations were disrupted by a ransomware attack. It temporarily disrupted about 45 percent of fuel supplies to the U.S. East.

Following the Colonial Pipeline attack, CISA (Cybersecurity and Infrastructure Security Agency) and the FBI had issued similar advice on what infrastructure operators should do to harden security.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • IBM Giving Orgs a Governance Lifeline in Agentic AI Era

    Nearly overnight, organizations are facing brand-new challenges caused by self-directed AI systems (a.k.a. agentic AI). Big Blue is extending them some help.

  • Microsoft Launches Integrated E-mail Security Ecosystem for Defender for Office 365

    Microsoft is expanding its e-mail security capabilities with the launch of a new Integrated Cloud Email Security (ICES) ecosystem for Microsoft Defender for Office 365.

  • Microsoft Joins Workday's AI Agent Partner Network

    Microsoft has become a key partner in Workday's newly launched AI Agent Partner Network, aligning with other industry leaders to integrate AI agents into enterprise workforce systems.

  • LinkedIn CEO Ryan Roslansky To Lead Microsoft's Productivity Initiatives

    In a strategic leadership realignment, Microsoft has appointed LinkedIn CEO Ryan Roslansky to oversee its consumer and small business productivity software division, encompassing Microsoft 365, Teams and AI-driven tools like Copilot.