White House urges private sector to boost protection against cyberattacks

WASHINGTON — The White House is urging private companies to take immediate action to boost their ransomware defenses after a number of recent high-profile cyberattacks slowed critical U.S. supply chains, according to a new memo.

“Ransomware attacks have disrupted organizations around the world, from hospitals across Ireland, Germany and France, to pipelines in the United States and banks in the U.K.,” Anne Neuberger, the deputy national security adviser for cyber and emerging technology, wrote in a memo to corporate executives and business leaders.

June 3, 202102:11

“The threats are serious, and they are increasing. We urge you to take these critical steps to protect your organizations and the American public,” she added. “The private sector has a distinct and key responsibility. The federal government stands ready to help you implement these best practices.”

The memo comes as JBS, the world’s largest beef supplier, was hacked Sunday, forcing the company to take systems offline and stop work in North America and Australia, threatening some of the U.S. meat supply.

Less than a month earlier, a Russian cybercrime gang hacked Colonial Pipeline, a major U.S. fuel supplier, prompting the company to shut down pipeline activity for five days and leading to gas shortages. Colonial Pipeline paid the hackers nearly $5 million in ransom.

In the memo, Neuberger suggested “a small number of highly impactful steps” that she said companies could take immediately to help make “rapid progress on driving down risk.”

May 16, 202104:41

Neuberger encouraged the private sector to adopt the best practices President Joe Biden laid out in an executive order he signed in May aimed at addressing the country’s vulnerability to cyberattacks, such as multifactor authentication and encryption.

Neuberger also urged companies to back up data and keep backups offline so that they are not vulnerable to ransomware variants; to update and patch systems regularly; to build and test an incident response plan so that businesses can sustain operations in the event of an attack; and to segment networks so that corporate business functions are separated from manufacturing and production operations.

“Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat,” Neuberger wrote.