Biden national security officials warn of 'heightened risk' of 'malicious cyber' activities around holidays

The White House National Security Council is warning of a "heightened risk" of "malicious cyber" activities like ransomware surrounding the Christmas holiday, urging business leaders to update IT practices and to work with federal law enforcement to improve U.S. cybersecurity.

Anne Neuberger, the deputy assistant to the president who also serves as deputy national security adviser for cyber and emerging technology, and Chris Inglis, the national cyber director, penned a letter to corporate executives and business leaders Thursday warning of potential breaches around Christmas and New Year's.


"The holidays are an opportunity to spend time with our loved ones and enjoy some well-earned rest. Unfortunately, malicious cyber actors are not taking a holiday—and they can ruin ours if we’re not prepared and protected," they wrote. "Historically we have seen breaches around national holidays because criminals know that security operations centers are often short-staffed, delaying the discovery of intrusions."

Neuberger and Inglis said that the U.S. has "experienced numerous recent events that highlight the strategic risks we all face because of the fragility of digital infrastructure and the ever-present threat of those who would use it for malicious purposes."

The officials warned that cyber criminals plan and begin an intrusion "before the holiday itself," by infiltrating a network and waiting for "the optimal time to launch an attack." 

Neuberger and Inglis laid out a set of recommendations for business leaders—including updating their system’s patching, enabling logs, changing passwords and mandating multi-factor authentication (MFA) for users—which officials said "significantly reduces your risk from almost all opportunistic attempts to gain entry into key systems."

The officials also urged the business communities to "review staffing plans" for IT and security teams to ensure "sufficient holiday coverage," and to make sure employees are aware of the threats. Officials also suggested backing up key data offline, noting that many attacks succeed "simply because the organizational back-up strategy is incomplete or permits criminals access to the backed-up information."

Neuberger and Inglis also encouraged IT and security leadership of companies to review information provided by the FBI and Cybersecurity and Infrastructure Security Agency (CISA).


"All of us can, and must, play a part to improve the Nation’s cybersecurity," they wrote. "The U.S. government and the private sector have accomplished much together in the past year, and we have much more to do in 2022 and beyond."

The Biden administration's effort to strengthen cyber defenses comes after a string of ransomware attacks earlier this summer, with foreign malign actors targeting pieces of U.S. critical infrastructure.

In June, a ransomware assault shut down the U.S.-based meat plants of the world’s largest meatpacker, Brazil-based JBS. The White House said the hack was likely carried out by a criminal group based in Russia. 

The attack on JBS came just weeks after the largest U.S. fuel pipeline, the East Coast's Colonial Pipeline, was targeted by a criminal group originating in Russia.

Senior administration officials said the overall "optimal" approach is modernizing the national defense, federal government, state and local government and critical infrastructure, as well as the broader private sector so they are "modern enough to meet the threat."

President Biden, in July, signed a national security memorandum directing his administration to develop cybersecurity performance goals for critical infrastructure in the U.S. – entities like electricity utility companies, chemical plants and nuclear reactors. 

The memo also formally established Biden's Cyber Security Initiative, a voluntary collaborative effort between the federal government and critical infrastructure entities to facilitate the deployment of technology and systems that provide threat visibility indicators and detections.

And in October, the White House rolled out a four-point strategy to tackle ransomware: disrupting ransomware actors; bolstering resilience to withstand ransomware attacks; addressing abuse of virtual currency to launder ransomware payments; and leveraging international cooperation to disrupt the ransomware ecosystem.

The White House introduced that strategy in virtual meetings this fall with more than 30 countries to "accelerate cooperation to counter ransomware"; however, the White House did not extend the invitation to Russia.

A senior administration official, at the time, said the United States and the Kremlin have a "separate channel" where they "actively" discuss the matter.

Officials said that Biden established a U.S.-Kremlin experts group for the U.S. to engage "directly" on the issue of ransomware.

Biden, during his summit in Geneva with Russian President Vladimir Putin in June, raised the issue of ransomware. Biden, at the time, said he told Putin that "certain critical infrastructure should be off limits to attack." Biden said he gave a list of "16 specific entities defined as critical infrastructure," saying it ranged from energy to water systems. 

Putin, though, during his press conference after the meeting, denied that Russia was responsible for cyberattacks and instead claimed that the greatest number of cyberattacks in the world was carried out from the U.S.