The White House on Monday warned private companies to prepare for potential Russian cyberattacks, citing “evolving intelligence” the country is “exploring options” and reiterating warnings that the Kremlin could retaliate for U.S. sanctions by launching a cyber incident.

What You Need To Know

  • The White House on Monday warned private companies to prepare for potential Russian cyberattacks, citing “evolving intelligence” the country is “exploring options” to launch an attack

  • The biggest worry is about an attack on critical infrastructure, such as power grids, water systems or hospitals

  • The White House called on companies to prepapre now, issuing a fact sheet outlining steps that the private sector and Americans should take

A top security official said the U.S. has seen evidence of Russian activity that signals preparation for a cyberattack, things that could include scanning websites and hunting for vulnerable systems.

The biggest worry, said Deputy National Security Advisor Anne Neuberger, is an attack on critical infrastructure, such as power grids, water systems or hospitals.

“Lock your digital doors. Make it harder for attackers. Make them do more work,” Neuberger said in the White House briefing room, pointing to a White House fact sheet outlining steps that private companies should take.

The suggested actions include implementing multi-factor authentication, backing up data, running cybersecurity drills, changing passwords and educating employees.

Neuberger also said the average American should take similar steps to protect their own accounts and data. 

President Joe Biden issued a statement on possible Russian cyberattacks earlier Monday, calling it “part of Russia’s playbook.”

“If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year,” he added. “We need everyone to do their part to meet one of the defining threats of our time — your vigilance and urgency today can prevent or mitigate attacks tomorrow.”

Neuberger did not say an attack was imminent.

“To be clear, there is no certainty there will be a cyber incident on critical infrastructure,” she told reporters in the briefing room. “So why am I here? Because this is a call to action and a call to responsibility for all of us.”

But she still warned about clear “patches” in companies cyber protections, pointing to the “hundreds of millions of dollars” in ransom paid to attackers last year.

One clear example last year was the attack that sent the Colonial Pipeline offline, causing gas shortages and panic-buying across the southeast. The pipeline operator confirmed they paid the hackers more than $4 million.