As the 2023 Global Risks Report from the World Economic Forum classified cybercrime and cybersecurity threats as the eighth greatest global risk in terms of impact over the short term (the next two years) or long term (the next decade), the Biden Administration has prioritized enhancing cybersecurity since the early days of the presidency. In May 2021, Biden issued an executive order emphasizing the need for information sharing on cyber threats and updating cybersecurity across federal government units. Then, in 2022, he signed the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which requires the Cybersecurity and Infrastructure Security Agency (CISA) to develop and enforce regulations requiring covered entities to report cyber incidents and ransomware payments.
Amid the significant surge in Distributed Denial of Service (DDoS) attacks in 2023, Biden unveiled a new National Cybersecurity Strategy in March 2023. This strategy outlines five core pillars for securing cyberspace and creating a resilient digital ecosystem that is easily defendable and secure for everyone. This strategy is part of a broader effort by the Biden Administration to strengthen internet and technology governance, including increasing tech companies’ accountability, enhancing privacy protection, and ensuring fair competition online.
In this context, the Observer Research Foundation (ORF) in India published a report in January 2024 titled “Decoding the Biden Administration’s Cybersecurity Policy,” aiming to draw lessons from the U.S. experience in enhancing cybersecurity and highlighting the importance of international collaboration in cybersecurity, particularly between partners like the U.S. and India. The report maps out the cybersecurity threats facing the U.S., reviews the Biden Administration’s approach to cybersecurity, and explores the geopolitical, technological, and diplomatic significance of cybersecurity strategy in a rapidly changing field.
Cybersecurity Threat Map:
The report begins by acknowledging that the increasingly interconnected digital ecosystem, combined with privacy preservation constraints, has created opportunities for more cybersecurity threats. It outlines the cybersecurity threats during Biden’s presidency, including:
Complex Threat Combinations: The interconnection within the digital ecosystem and the ongoing digital momentum have led to complex cybersecurity threats globally. The U.S. has experienced major cyber incidents, which the report categorizes into five primary threats: DDoS attacks targeting critical national infrastructure, ransomware attacks, supply chain breaches, zero-day attacks, and cyber-enabled espionage campaigns. The report attributes these threats to numerous vulnerabilities in U.S. servers and cybersecurity defenses, which adversaries have repeatedly exploited. It cataloged 39 significant cyber incidents targeting the U.S. during Biden’s presidency (2021-2023), detailing the incidents by date, targeted entity, intent, description, and impact, based on publicly available data from U.S. government agencies and non-governmental sources, including news sites.
Diverse Actors: The report finds that the cybersecurity threats faced by the U.S. during Biden’s presidency are attributable to a wide range of actors, including nation-states, cybercrime organizations, hackers, and others. However, the report highlights that cybersecurity threats from Russia directed at the U.S. are a primary and notable concern, as warned by Biden in March 2022, with increased intensity following the Russia-Ukraine conflict. Regarding China, the report notes some of these cybersecurity threats, citing the 2023 Annual Threat Assessment from the Office of the Director of National Intelligence, which warns that “China may currently represent the broadest, most active, and persistent cyber espionage threat to the U.S. government.”
Inadequate Traditional Security Measures: The report underscores that a major challenge for the U.S. is the ever-evolving nature of cybersecurity threats, outpacing traditional security measures. The rise of sophisticated cyber threats and state-sponsored hacking groups with significant resources and skills has added a higher level of complexity to the threat landscape. It notes that these hacking groups often exploit zero-day vulnerabilities for unauthorized access to systems and data. Furthermore, the interconnectedness of digital systems and supply chains has introduced new attack vectors, with cybercriminals frequently targeting vendors and external partners to reach primary targets, as evidenced by the 2020 SolarWinds supply chain attack.
Increasing Ransomware Threats: The report highlights another gap in U.S. cybersecurity measures—the growing threat of ransomware attacks. The ransomware attack on Colonial Pipeline in May 2021 exposed the vulnerability of critical national infrastructure to cyber attacks, leading to numerous ransomware incidents targeting government agencies and businesses. The financial motive behind these attacks has created a cycle of extortion, motivating attackers to continue their activities.
Ripple Effects of Cybersecurity Threats: The impacts of cybersecurity threats extend beyond the digital realm, resonating across the economy and other areas of national security. Cyberattacks can cripple critical infrastructure, disrupt supply chains, damage reputations, undermine public trust in elections, and compromise sensitive information. Consequently, cyber incidents such as the SolarWinds breach and the Colonial Pipeline attack highlight that cybersecurity is not merely a technical concern but a multifaceted challenge with far-reaching implications.
Cybersecurity Priorities:
While the devastating impact of cyber threats on the U.S. economy and national security has been a major concern for many U.S. administrations, the Biden administration may be the first to fully recognize the importance of cybersecurity and advocate for greater alignment between cybersecurity policies and national security strategy through a more robust and proactive approach. The Biden administration has engaged the private sector in cybersecurity policies, increased its investment commitments, and initiated institutional restructuring to address cyber threats by enhancing threat detection and information sharing, along with imposing severe consequences on those involved in attacks.
The report reviews the key measures taken by the Biden administration to enhance cybersecurity and tackle cyber threats, which include:
Executive Order on Cybersecurity (May 2021): The complexity and audacity of the SolarWinds attack prompted the Biden administration to swiftly issue this executive order aimed at “improving the cybersecurity of the nation.” It sought to update and enhance federal government capabilities and cybersecurity practices, and to set higher standards for software security across industries. The order emphasized the importance of public-private collaboration, information sharing, and adopting best practices to mitigate cyber risks. To achieve this, it mandated the adoption of multiple security features such as multifactor authentication and encryption to protect data, and the deployment of endpoint detection and response initiatives to support proactive detection of cybersecurity incidents for federal agencies. Additionally, agencies were directed to adopt a “zero trust” architecture and more secure cloud services.
National Cybersecurity Strategy (March 2023): This strategy marked a pivotal moment in the U.S. approach to handling cyber threats, aiming to create a comprehensive framework that not only enhances defenses against current threats but also positions the U.S. to proactively address emerging risks. The strategy is based on five key pillars: defending critical infrastructure, disrupting and dismantling sources of cyber threats, shaping market forces to enhance security and resilience, investing in a resilient future, and building international partnerships to achieve shared goals.
Zero-Trust Approach: New mechanisms in cybersecurity have been adopted, including the zero-trust approach, which the report views as both a security mechanism and a value. It is based on the fundamental assumption that every person and entity within the connected network is a suspect. Therefore, the only option is to authenticate and authorize every component of the cybersecurity system, including user identity, device, and location. The zero-trust approach establishes a continuous cycle of verification and authorization. In transitioning to this approach, the Biden administration created the Zero Trust Maturity Model (ZTMM) to guide federal agencies in making their computer systems more secure. This model relies on pillars and comprehensive capabilities that interconnect in various ways to enhance security at all levels.
Infrastructure Act (November 2021): Through this act, also known as the Infrastructure Investment and Jobs Act, the Biden administration included cybersecurity in the bipartisan infrastructure agreement, which aims to repair infrastructure and improve competitiveness and security through investment in interconnected sectors. This includes ensuring all Americans have access to reliable high-speed internet and reducing the average cost of broadband access. Additionally, a cybersecurity grant program was established to fund partners at the state and local levels.
Agency Coordination and Institutional Linkages: The report indicates that the Biden administration’s cybersecurity approach focuses on enhancing coordination among agencies within and outside the federal government network. The Cybersecurity and Infrastructure Security Agency (CISA) under the Department of Homeland Security (DHS) is the central body responsible for coordinating cybersecurity activities and leading the federal government’s response to all related matters, including cyber threats to civilian infrastructure.
Cybersecurity Simulation Exercises: The Department of Homeland Security conducted six cybersecurity simulation exercises between April 2021 and March 2022 to enhance existing mechanisms and practices, remove bottlenecks that had previously hindered efforts, and allow for the introduction of new tools as needed. These exercises focus on testing cybersecurity resilience during specific periods. Given that election security is also a critical priority for the Biden administration’s cybersecurity approach, an election security race was organized between November 2021 and January 2022 to improve cybersecurity for democratic institutions and infrastructure.
In conclusion, the report anticipates that cyber threats from Russia, North Korea, and China will continue against the U.S., and the competition between Beijing and Washington in military, technology, and space sectors will continue to target U.S. cybersecurity. However, it views the Biden administration’s approach to strengthening cybersecurity as more comprehensive, considering the entire ecosystem and striving for greater alignment between cybersecurity policies and national security strategy.
Source: Vivek Mishra and Sameer Patil, “Decoding the Biden Administration’s Cyber Security Policy”, ORF Issue Brief No. 686 (New Delhi, Observer Research Foundation, January 15, 2024).