News

White House: Harden Infrastructure Security Now

U.S. "critical infrastructure" operators should "harden their cyberdefenses immediately" against possible Russian attacks, per a warning by The Biden White House this week.

The message was a repeat warning from similar White House communications back in November, presaging Russia's attack on the Ukraine. However, now "evolving intelligence" is suggesting that "the Russian Government is exploring options for potential cyberattacks" on U.S. infrastructure, the March 21 White House statement indicated.

Steps To Take
The security hardening steps organizations should observe are summarized in this "Fact Sheet" statement that accompanied the White House warning.

In short, the White House wants organizations to use "multifactor authentication," a secondary means of verifying identity beside a user name and password, although organizations should avoid misconfigurations. Network systems should be patched and protected. Organizations should use tools to detect and address threats.

Organizations also should have "offline backup" systems in place that can't be reached by attackers. Data should be encrypted to make it useless to attackers.

Drills should be conducted to test emergency response plans in organizations should an attack happen. Employees should be educated on common attack methods that can occur via e-mail or Web sites.

Organizations should reference CISA and FBI Web sites for technical information and resources.

The White House "Fact Sheet" also appealed to software makers to build security into their products from the beginning. They should isolate the systems on which their software is built to prevent tampering, and use automated code-review tools to detect and fix vulnerabilities. Software makers should also use a "software bill of materials" to keep track of the software components they use, including open source code.

Private Sector Ownership
The White House made its appeal to critical infrastructure operators, such as pipeline, water and electricity utility operators, with the understanding that a lot of that infrastructure isn't wholly under federal government control.

"Most of America's critical infrastructure is owned and operated by the private sector and critical infrastructure owners and operators must accelerate efforts to lock their digital doors," the statement indicated.

The White House appeal has precedent. In May of last year, privately owned Colonial Pipeline's operations were disrupted by a ransomware attack. It temporarily disrupted about 45 percent of fuel supplies to the U.S. East.

Following the Colonial Pipeline attack, CISA (Cybersecurity and Infrastructure Security Agency) and the FBI had issued similar advice on what infrastructure operators should do to harden security.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Salesforce To Acquire Informatica in $8 Billion Deal

    Salesforce announced on Tuesday it plans to acquire data management firm Informatica for $8 billion.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Microsoft Gives Orgs More Power to 'Tune' AI Agents

    At its Build 2025 conference this week, Microsoft unveiled significant advancements aimed at empowering enterprises to create more sophisticated AI agents.

  • Build 2025: Microsoft Charts Wider Path for AI Agents

    At Build 2025, Microsoft unveiled its strategic vision for the future of AI agents, emphasizing the development of autonomous systems capable of performing complex tasks across various applications.

Most   Popular