White House Issues Official Guidance for Cyberattack Protection

The White House's official website put up concise and clear guidance for protection against "potential cyberattacks" on March 21, 2022. The informational release contains some general information, followed by a list of specific steps that the US government encourages all entities to undertake.

While guidance is often released on a federal level, focusing on measures and precautions to be implemented by critical infrastructure and federal institutions, this latest release is also directed towards the private sector. The reason for this shift in focus and the all-encompassing nature of the new guidance is very clear and the document outlines it plainly.

US builds a wall, but this time in cyberspace

The White House document states that this action is in response to Russian president Vladimir Putin escalating "his aggression ahead of his further invasion of Ukraine". While the US, as the most prominent member of the Atlantic Council, did not directly engage in military action against Russia in response to the Russian invasion in Ukraine, it does look like the US is bracing for war on the cyber front.

The White House release comes out a couple of days after the US Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency released a joint advisory warning of the heightened risk of Russian attacks on any sort of digital infrastructure, from satellite communications to smaller-scale attacks on individual entities.

Eight main points outlined in security guidance

The first of eight bullet point items focused on improving security in the White House guidance is multi-factor authentication or MFA. MFA remains the best widely accessible solution for dramatically improving the security level of any enterprise or network, but it also remains a solution that is not embraced as universally as security experts might hope.

MFA involves the use of an external physical device, most commonly a phone, for additional authentication when accessing certain services or networks.

The rest of the guidelines in the White House release focus on improving security through patching on an ASAP basis, exercising good password practices, maintaining frequent data backups, and encrypting data so that it cannot be used if intercepted or exfiltrated.

Employee education programs and training are also on the list of recommendations, and the importance of those cannot be overstated. Human error and the human factor have been at the root of a huge number of successful cyberattacks over the last few years.