Daily Times (Primos, PA)

U.S. looks to keep critical sectors safe from cyberattac­ks

- By Eric Tucker and Alan Suderman

WASHINGTON » A top Biden administra­tion official says the government is undertakin­g a new effort to help electric utilities, water districts and other critical industries protect against potentiall­y damaging cyberattac­ks.

“Our aim is to ensure that control systems serving 50,000 or more Americans have the core technology to detect and block malicious cyber activity,” Anne Neuberger, deputy national security adviser, said in an interview with The Associated Press on Thursday. “That’s it in a sentence. Clear, clean goal, but it’s going to take a lot of work to get there.”

The public-private partnershi­p reflects the administra­tion’s concerns about the vulnerabil­ity of vital systems, including the electric grid and water treatment plants, to hacks that could cause catastroph­ic consequenc­es to American life. Though there is a history of government working with utilities, officials believe the threat has increased as more utility systems are connected to the Internet, and the Biden administra­tion wants to make fast progress in blocking any attacks.

The administra­tion, meanwhile, has grappled in its first 60 days with responses to two major cyber intrusions. In the first, Russian hackers snuck malicious code into a software update pushed out to thousands of government agencies and private companies. The second even more widespread hack affected untold thousands of Microsoft Exchange email servers, a breach the company says was carried out by Chinese state hackers.

Microsoft created a single -click tool to fix the issue after the White House encouraged the company to find a simple method for cleaning up from the hack. As a result, the number of compromise­d systems fell from 100,000 to less than 10,000 and “it keeps dropping,” Neuberger said.

She said one idea that was contemplat­ed was whether Microsoft could push a patch to all compromise­d systems to effectivel­y “vaccinate” them. Though it was determined that that was not technicall­y feasible in this case, the government will continue to work with the private sector to explore that idea in future cases.

Neuberger is also the administra­tion’s point person in responding to the so-called SolarWinds hack, in which suspected Russian hackers breached at least nine different federal agencies. The AP reported this week that the hackers gained access to email accounts belonging to the Trump administra­tion’s head of the Department of Homeland Security and members of the department’s cybersecur­ity staff whose jobs included hunting threats from foreign countries.

Neuberger said there were “gaps” in basic cybersecur­ity defenses at some of the nine agencies affected, which has hampered officials’ ability to determine what the hackers accessed.

She said the administra­tion has identified five specific modernizat­ion efforts as a result of its review of how the SolarWinds hack happened, including using technology that continuous­ly monitors for malicious activity and requiring greater use of multifacto­r authentica­tion so systems can’t be accessed with a stolen password alone.

That threat to critical infrastruc­ture was laid bare in February after a hacker’s botched attempt to poison the water supply of a small Florida city raised alarms about how vulnerable the nation’s utilities may be to attacks by more sophistica­ted intruders.

A local sheriff said that the water supply of Oldsmar, population 15,000, was briefly in danger when an unknown hacker used a remote access program shared by plant workers to briefly increased the amount of lye — sodium hydroxide — by a factor of 100. Lye is used to lower acidity, but in high concentrat­ions it is highly caustic and can burn. It’s found in drain cleaning products.

A supervisor monitoring

a

plant console about 1:30 p.m. saw a cursor move across the screen and change settings and was able to immediatel­y reverse it. The intruder was in and out in five minutes. Suspicious incidents are rarely reported and usually are chalked up to mechanical or procedural errors, experts say. No federal reporting requiremen­t exists, and state and local rules vary widely.

The nation’s 151,000 public water systems lack the financial fortificat­ion of the corporate owners of nuclear power plants and electrical utilities. They are a heterogeno­us patchwork, less uniform in technology and security measures than in other rich countries.

In this Feb. 17, 2021, file photo White House deputy national security adviser Anne Neuberger speaks during a press briefing in Washington. The Biden administra­tion has created an initiative aimed at helping critical industries, like the electric utility and water sectors, protect against damaging and destabiliz­ing cyberattac­ks. “Our aim is to ensure that control systems serving 50,000or more Americans have the core technology to detect and block malicious cyber activity,” Neuberger said in an interview with The Associated Press on Thursday, April 1.

 ?? JENNY KANE — THE ASSOCIATED PRESS FILE ?? In this Oct. 8, 2019, file photo a woman works at a computer in New York. The Biden administra­tion is not planning to step up government surveillan­ce of the U.S. internet even as state-backed foreign hackers and cybercrimi­nals increasing­ly use it to evade detection, a senior administra­tion official said Friday.
JENNY KANE — THE ASSOCIATED PRESS FILE In this Oct. 8, 2019, file photo a woman works at a computer in New York. The Biden administra­tion is not planning to step up government surveillan­ce of the U.S. internet even as state-backed foreign hackers and cybercrimi­nals increasing­ly use it to evade detection, a senior administra­tion official said Friday.
 ?? EVAN VUCCI — THE ASSOCIATED PRESS FILE ??
EVAN VUCCI — THE ASSOCIATED PRESS FILE

Newspapers in English

Newspapers from United States