Press Briefing by Press Secretary Jen Psaki and Deputy NSA for Cyber and Emerging Technologies Anne Neuberger, March 21, 2022 – The White House

2:45 P.M. EDT

MS. PSAKI: Hi, everyone. Okay, we have a very special return guest today, Deputy National Security Advisor Anne Neuberger, who is here to provide a brief update on cyber. You probably have seen the statement from the President we issued, as well as a factsheet; shell talk about that. Has a little bit of time to take some questions, and then well do a briefing from there.

With that, Ill turn it over to Anne.

MS. NEUBERGER: Thank you, Jen. Good afternoon, everyone.

This afternoon, the President released a statement and factsheet regarding cyber threats to the homeland, urging private sector partners to take immediate action to shore up their defenses against potential cyberattacks.

Weve previously warned about the potential for Russia to conduct cyberattacks against the United States, including as a response to the unprecedented economic costs that the U.S. and Allies and partners imposed in response to Russias further invasion of Ukraine.

Today, we are reiterating those warnings, and were doing so based on evolving threat intelligence that the Russian government is exploring options for potential cyberattacks on critical infrastructure in the United States.

To be clear, there is no certainty there will be a cyber incident on critical infrastructure. So why am I here? Because this is a call to action and a call to responsibility for all of us.

At the Presidents direction, the administration has worked extensively over the last year to prepare to meet this sort of threat, providing unprecedented warning and advice to the private sector and mandating cybersecurity measures where we have the authority to do so.

For example, just last week, federal agencies convened more than 100 companies to share new cybersecurity threat information in light of this evolving threat intelligence. During those meetings, we shared resources and tools to help companies harden their security, like advisories sourced from sensitive threat intelligence and hands-on support from local FBI field offices and sister regional offices, including their Shields Up program.

The meeting was part of an extensive cybersecurity resilience effort that we began in the fall, prompted by the President. Agencies like Energy, EPA, Treasury, and DHS have hosted both classified and unclassified briefings with hundreds of owners and operators of privately owned critical infrastructure. CISA, NSA, and FBI have published cybersecurity advisories that set out protections the private sector can deploy to improve security.

The President has also directed departments and agencies to use all existing government authorities to mandate new cybersecurity and network defense measures. Youve seen us do that where we have the authority to do so, including TSAs work that mandated directives for the oil and gas pipelines following the Colonial Pipeline incident that highlighted the significant gaps in resilience for that sector.

Our efforts together over the past year has helped drive much-needed and significant improvements. But theres so much more we need to do to have the confidence that weve locked our digital doors, particularly for the critical services Americans rely on.

The majority of our critical infrastructure, as you know, is owned and operated by the private sector. And those owners and operators have the ability and the responsibility to harden the systems and networks we all rely on.

Notwithstanding these repeated warnings, we continue to see adversaries compromising systems that use known vulnerabilities for which there are patches. This is deeply troubling.

So were urging, today, companies to take the steps within your control to act immediately to protect the services millions of Americans rely on and to use the resources the federal government makes available. The factsheet released alongside the Presidents statement contains the specific actions that were calling companies to do.

I would be remiss if I didnt reiterate the Presidents thanks to Congress for its partnership in this effort, including making cybersecurity resources available in the Bipartisan Infrastructure Law and, most recently, for working across the aisle to require companies to report cyber incidents to the federal government. That will ensure federal resources are focused on the most important cyber threats to the American people.

We welcome additional congressional work to identify new authorities that can help address gaps and drive down collective cybersecurity risk.

Bottom line: This is about us the work we need to do to lock our digital doors and to put the country in the best defensive position.

And there is them. As the President has said: The United States is not seeking confrontation with Russia. But he has also said that if Russia conducts disruptive cyberattacks against critical infrastructure, we will be prepared to respond.

Thank you.

MS. PSAKI: All right. Let me just first ask, for those of you in the aisles, if youre not a photographer, theres plenty of seats. So if you could sit down, that would be great, and not crowd the others in the seats.

So, we dont have unlimited time, so if people we just want to get to as many people as possible.

So, go ahead.

Q Thank you, Jen. Hi, Anne. Just a quick question on the Viasat attack that happened on the 24th of Feb, the day Russia attacked Ukraine. Weve obviously seen that impact satellite communication networks in Eastern Europe. And since then, the FBI and CISA have issued warnings that similar attacks can happen against U.S. companies.

Is the U- is the U.S. in a position to perhaps identify who is behind the hack at this moment?

MS. NEUBERGER: Its a really good question. So, first, I want to lift up: FBI and CISA and NSA also highlighted protective security measures that U.S. companies can put in place to protect against exactly that kind of attack. We have not yet attributed that attack, but were carefully looking at it because, as you noted, of the impact not only in Ukraine but also in satellite communication systems in Europe as well.

Q Does the sophistication of the attack, perhaps the timing of it, suggest that its a state actor? I mean, are you willing to

MS. NEUBERGER: Those are certainly factors that are were looking at carefully as we look at who is responsible for them.

MS. PSAKI: Phil.

Q The evolving intelligence, it doesnt mean that its a certainty theres going to be an attack. Can you explain for the layman what youre seeing right now that precipitated this statement today, and what the evolving intelligence may be now compared to on the 24th or prior to the invasion?

MS. NEUBERGER: Absolutely. So, the first part of that is: Youve seen the administration continuously lean forward and share even fragmentary pieces of information we have to drive and ensure maximum preparedness by the private sector.

So as soon as we learned about that, last week we hosted classified briefings with companies and sectors who we felt would be most affected, and provided very practical, focused advice.

Todays broader, unclassified briefing is to raise that broader awareness and to raise that call to action.

Q So there was something specific you saw last week that was raised to the industries that it would have affected, is what youre saying?

MS. NEUBERGER: So I want to reiterate: There is no evidence of any of any specific cyberattack that were anticipating for. There is some preparatory activity that were seeing, and that is what we shared in a classified context with companies who we thought might be affected. And then were lifting up a broader awareness here in this in this warning.

MS. PSAKI: Major?

Q Hey, Anne. When you say a call to action, many who hear you say that might believe that something is imminent. Is it?

MS. NEUBERGER: So, first, a call to action is because there are cyberattacks that occur every day. Hundreds of millions of dollars were paid in ransoms by U.S. companies just last year against criminal activity happening in the U.S. today. Every single day, there should be a call to action.

Were using the opportunity of this evolving threat intelligence regarding potential cyberattacks against critical infrastructure to reiterate those with additional focus specifically to critical infrastructure owners and operators to say, You have the responsibility to take these steps to protect the critical services Americans rely on.

Q And as a follow-up: Critical infrastructure is a broad term. Is it as broad as you typically mean it when the government speaks about critical infrastructure, or is there something youve seen that you can be more a little bit more specific within that large frame of critical infrastructure?

MS. NEUBERGER: I wont get into specific sectors at this time, because the steps that are needed to lock our digital doors need to be done across every sector of critical infrastructure. And even those sectors that we do not see any specific threat intelligence for, we truly want those sectors to double down and do the work thats needed.

MS. PSAKI: Jacqui.

Q You guys, the administration, successfully declassified a lot of intelligence about what the Russians were planning leading up to the invasion to prebut what they might do. Can you do that a little bit here and at least list some of the industries that might be the biggest targets so that they can have a heightened awareness about what might be coming?

MS. NEUBERGER: As we consider declassifying intelligence, to your excellent point, that really has been the work that has been done the last few weeks and was driven by a focus on outcomes. It was driven by the Presidents desire to avoid war at all costs, to really invest in diplomacy.

So, as we consider this information, the first step we did was we gave classified, detailed briefings to the companies and sectors for which we had some preparatory information about. And then for those where we dont, thats the purpose of todays unclassified briefing: to give that broad warning. And I want to lift up the factsheet, which is really the call to action for specific activities to do.

Q So you believe the people, the industries that need to know about this risk know?

MS. NEUBERGER: We believe the key entities who need to know have been provided classified briefings. I mentioned, for example, just last week, several hundred companies were brought in to get that briefing.

MS. PSAKI: Peter.

Q Does the U.S. have any evidence that Russia has attempted a hack, either here in the U.S., in Europe, or in Ukraine, over the course of the last several weeks since this offensive began?

MS. NEUBERGER: So, we certainly believe that Russia has conducted cyberattacks to undermine, coerce, and destabilize Ukraine. And we attributed some of those a couple of weeks ago.

We consistently see nation states doing preparatory activity. That preparatory activity can pan out to become an incident; it cannot. And thats the reason were here.

Q So, specifically in the U.S., as there was an assessment early on that we thought that we would be a likely target here, why do you think we have not seen any attack on critical infrastructure in the United States to this point so far?

MS. NEUBERGER: I cant speak to Putin or Russian leaderships strategic thinking regarding how cyberattacks factor in.

What I can speak to is the preparatory work weve been doing here in the U.S. and the fact that as soon as we have some evolving threat intelligence regarding a shift in that intention, that were coming out and raising the awareness to heighten our preparedness as well.

Q So you cant say declaratively that we stopped an attack, I guess Im saying, to this point on critical infrastructure?

MS. NEUBERGER: Correct.

Q Okay. Thank you.

MS. PSAKI: Colleen.

Q Can you explain a little bit more what preparatory activity on the part of the Russians would be? What does that look like?

MS. NEUBERGER: So, preparatory activity could mean scanning websites; it could be hunting for vulnerabilities. Theres a range of activity that malicious cyber actors use, whether theyre nation state or criminals.

The most troubling piece and really one I mentioned a moment ago is we continue to see known vulnerabilities, for which we have patches available, used by even sophisticated cyber actors to compromise American companies, to compromise companies around the world. And thats one of the reasons and that makes it far easier for attackers than it needs to be.

Its kind of you know, I joke I grew up in New York you had a lock and an alarm system. The houses that didnt or left the door open clearly were making it easier than they should have. Right? No comment about New York. (Laughter.)

So, clearly what were asking for is: Lock your digital doors. Make it harder for attackers. Make them do more work. Because a number of the practices we include in the factsheet will make it significantly harder, even for a sophisticated actor, to compromise a network.

MS. PSAKI: Go ahead.

Q Sorry, just to be clear: The warning today, is this in response to some of these more desperate tactics weve seen from Russia on ground? Are you now fearing that there might be more of a cyber risk because of what were seeing on the ground in Ukraine?

MS. NEUBERGER: So, weve given a number of threat intel- of threat warnings over the last number of weeks that Russia could consider conducting cyberattacks in response to the very significant economic costs the U.S. and partners have put on Russia in response. This speaks to evolving threat intelligence and a potential shift in intention to do so.

Q And do you have a message for individuals? Youre talking a lot about private companies. What about households? Should they be worried about cyberattacks here?

MS. NEUBERGER: The items in the factsheet apply to companies and individuals as well. Im specifically speaking to companies because theres a responsibility to protect the critical services Americans rely on. But every individual should take a look at that fact sheet because its a truly helpful one. We only put in place the things that we really try to practice and work to practice ourselves.

MS. PSAKI: Jordan.

Q Thanks. As part of this preparatory activity, do you have evidence that Russian hackers have infiltrated the networks of U.S. companies already and just havent carried out the attacks?

MS. NEUBERGER: There was as I noted, we frequently see preparatory activity. Whenever we do, we do sensitive warnings to the individual companies and provide them information to ensure they can look quickly at their networks and remediate what may be occurring.

Q So have you seen any evidence that there have been infiltrations as part of that activity?

MS. NEUBERGER: We routinely see information about infiltrations. Right? Technology is not as secure as it needs to be. I mentioned the ransomware activity. There are multiple nation-state actors. Its a line of work for the intelligence community and the FBI to knock on a companys door and say, Weve seen some evidence of an intrusion. Well work with you. Well make these resources available via a regional office to work with you to help you recover. Thats thats pretty routine practice.

What were seeing now is an evolving threat intelligence to conduct potential cyberattacks on critical infrastructure. And that raises up a point because were concerned about potential disruption of critical services.

MS. PSAKI: Ken.

Q Anne, you did a briefing for us about a month ago. Do you think the U.S. banking system is more vulnerable, less vulnerable since the briefing, given the warnings that the government has produced?

MS. NEUBERGER: The U.S. banking sector truly takes cyber threats seriously, both individually and as a group. Treasury has worked extensively with the sector to share sensitive threat intelligence at the executive level, at the security executive level, repeatedly at the classified and unclassified level. So, I do not believe theyre more at risk, but it is always important for every critical infrastructure sector to double down in this heightened period of geopolitical tension to carefully look at any threat.

MS. PSAKI: Go ahead.

Q Can you paint a worst-case scenario picture for us? What exactly are you most worried about if people the private sector chooses to not take these steps?

MS. NEUBERGER: Clearly, what were always I wont get into hypotheticals, right? But the reason Im here is because critical infrastructure power, water, many hospitals in the United States are owned by the private sector. And while the federal government makes extensive resources available I mentioned FBIs 56 regional offices you can just walk in; CISA has offices near most FEMA sites in the United States. Theyve had their Shields Up program. We can make those resources available. For those sectors where we can mandate measures like oil and gas pipelines, we have. But its ultimately the private sectors responsibility, in our current authority structure, to do those steps, to use those resources to take those steps.

So, the purpose here is to say: Americans rely on those critical services. Please act. And were here to support with the resources we have.

MS. PSAKI: Kayla, last one.

Q Thank you. Anne, are you still seeing the Russians carrying out cyberattacks inside Ukraine? Its been a few weeks since weve been discussing that in particular.

And as financial tools levied by the West have proven ineffective, what cyber tools does the West have that it can possibly utilize?

MS. NEUBERGER: We do continue to see Russia conducting both as you know, right? significant malicious activity in Ukraine; major kinetic attacks, which have disrupted and killed lives; as well as cyber activity. And we believe the unprecedented economic costs the United States and partners have levied is significant in that way.

With regard to your question about whether cyberattacks would change that: I think the President was very clear were not looking for a conflict with Russia. If Russia initiates a cyberattack against the United States, we will respond.

MS. PSAKI: Thank you, Anne, so much for joining us.

MS. NEUBERGER: Thank you. Thank you for having me.

Q Thanks, Anne.

Q Thank you, Anne.

MS. PSAKI: All right. I just had two brief items for all of you at the top.

There was a scheduled meeting today that Secretary Yellen, Secretary Raimondo, Jake Sullivan, and Brian Deese had with 16 CEOs this afternoon. The President also dropped by for about 20 minutes and provided them an update on Russia, Ukraine. Im sure we can get you a list of the attendees at that meeting as well.

Also wanted to note a number of you have asked about whether the President would be watching the hearings today. One scheduling note is the Quint meet- call he had this morning was at exactly the same time as her opening statement, but he did request regular updates or has been requesting regular updates from members of the team on how the hearing is going.

And he also called her last night to wish her good luck this week at the hearings.

And I would also note that hes very grateful to Judge Tom Grif- Thomas Griffith, as well as Lisa Fairfax, for introducing her today.

So with that, I will stop. And, Colleen, why dont you kick us off.

Q Okay. So, do you can give us a readout of the call with the European leaders from earlier? Just sort of what was discussed, what happened.

And then I have one other question after that.

MS. PSAKI: Absolutely. If you havent already there should be a readout going out shortly, but let me give you a few of the preview points of this call:

Read the original:
Press Briefing by Press Secretary Jen Psaki and Deputy NSA for Cyber and Emerging Technologies Anne Neuberger, March 21, 2022 - The White House

Related Posts

Comments are closed.