Prior to this role, Anne led NSA’s election security effort and served as Assistant Deputy Director of NSA’s Operations Directorate, overseeing foreign intelligence and cybersecurity operations.

Chani then went on to give her overview with ideas and instructions as to  how corporations and private individuals alike can maximizetTheir resilience against potential malicious activity online.:

 Thank you very much, Jen.  Good afternoon.  It’s good to see you all.

Over the last decade, Russia has used cyber as a major part of its military activity beyond its borders, including to undermine, coerce, and destabilize Ukraine.  For that reason, and at the President’s direction, we’ve been working to prepare for potential cyberattacks since November.  We’ve been focused on doing so in three ways:

First, we’ve continued our urgent work to shore up our cyber defenses at home.  Second, we’ve boosted our efforts providing support to Ukraine.  And third, we’ve worked closely with partners and Allies to defend against and disrupt malicious cyber activity. 

I’ll expand on each of these three areas.

Given the history of Russia’s use of cyber, Anne Neuberger, Dep. National Security Advisor for Cyber and Emerging Technology, details how people and companies can maximize their resilience against potential malicious activity online. pic.twitter.com/40ypuc4vsO

— The White House (@WhiteHouse) March 2, 2022

First, we’re shoring up our defenses at home.  While there are currently no specific or credible cyber threats to the homeland, the U.S. government has been preparing for potential geopolitical contingencies since before Thanksgiving.

The White House has coordinated extensive outreach by agencies with the private sector, specifically private sector owners and operators of critical infrastructure.

In that outreach, departments and agencies have gone to unprecedented and extraordinary lengths to share sensitive information and, most importantly, to outline specific steps companies can take to make their systems more secure. 

As one example of those specific steps, the Department of Energy shared technical indicators of techniques used by Russian cyber actors to conduct cyberattacks against Ukrainian electricity systems during prior crises in Ukraine.

We’re also using the authorities we have to require companies to put in place the cyber defenses needed.  For example, TSA issued directives that require oil and gas pipelines to report cyber incidents, conduct vulnerability assessments, and exercise their incident response plans.  TSA is now working to expand that to both the aviation and railroad sectors. 

As many of you know, the government doesn’t own or operate critical infrastructure that provides critical services to our citizens — for example, our water systems and power systems.  I cannot stress this enough: We urge our private sector partners to exercise incident response plans and put in place the cybersecurity defenses, like encryption and multifactor authentication, that make cyberattacks harder for even sophisticated cyber actors.

Second, we continue to support Ukraine as it works to shore up its cyber defenses.

The U.S. government believes that Russian cyber actors likely have targeted the U- — the Ukrainian government, including military and critical infrastructure networks, to collect intelligence and pre-position to conduct disruptive cyber activities.  These disruptive cyber operations could be leveraged if Russia takes further military action against Ukraine. 

We’ve seen troubling signs of malicious cyber activity in the last month.  Earlier this week, we saw a kind of cyberattack known as a DDoS attack that overloads online services at the Ukrainian Ministry of Defense and state-owned banks.  There were also text messages sent to bank customers telling them that ATM services were unavailable.

Russia likes to move in the shadows and counts on a long process of attribution so it can continue its malicious behavior against Ukraine in cyberspace, including pre-positioning for its potential invasion.  In light of that, we’re moving quickly to attribute the DDoS attacks.

We believe that the Russian government is responsible for wide-scale cyberattacks on Ukrainian banks this week.  We have technical information that links Russian — the Russian Main Intelligence Directorate, or GRU, as known GRU infrastructure was seen transmitting high volumes of communications to Ukraine-based IP addresses and domains.

We’ve shared the underlying intelligence with Ukraine and with our European partners.

While of limited impact, this recent spate of cyberattacks in Ukraine are consistent with what a Russian effort could look like in laying the groundwork for more disruptive cyberattacks accompanying a potential further invasion of Ukraine’s sovereign territory.

We’ve been preparing for this possibility.  Since November, we further intensified our support to the government of Ukraine, specifically to network defenders, working to help them respond to and recover from cyber incidents as well as strengthen the resilience of cyber critical infrastructure.

Finally, we’re cooperating with Allies and partners to disrupt and respond to malicious cyber activity.  That includes work to share intelligence regarding malicious cyber techniques and ensure the global community is ready to rapidly call out malicious cyber activity as appropriate.

Members of the administration have met with leaders across the region to discuss cyber resilience, deterrence of cyberattacks, and to ensure we’re prepared to address any cyber contingencies.

We’ve met with our Polish and Baltic counterparts; our NATO Allies; and our European partners, including France and Germany.

The global community must be prepared to shine a light on malicious cyber activity and hold actors accountable for any and all disruptive or destructive cyber activity.

And as the President said earlier this week: If Russia attacks the United States or our Allies through asymmetric activities, like disruptive cyberattacks against our companies or critical infrastructure, we are prepared to respond.

Thank you.