US national emergency extended due to elevated malicious cyber activity

White House

US President Joe Biden today has extended the state of national emergency declared to deal with increasingly prevalent and severe malicious cyber threats to the United States national security, foreign policy, and economy.

The national emergency was declared on April 1, 2015, by former President Barack Obama through Executive Order 13694, which also sanctioned the individuals coordinating or contributing to cyberattacks against the US.

On December 28, 2016, Obama issued Executive Order 13757 to amend E.O. 13694 because such malicious attacks were being used to undermine democratic processes and institutions.

In the context of E.O. 13694, such cyber-enabled malicious activity includes critical infrastructure breaches, denial of service attacks, and data theft incidents that pose a significant threat to US national security, foreign policy, economic health, or financial stability.

“Significant malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States,” President Biden said.

“Therefore, I have determined that it is necessary to continue the national emergency declared in Executive Order 13694 with respect to significant malicious cyber-enabled activities.”

Biden’s notice extended the national emergency declared in E.O. 13694 to continue in effect beyond April 1, 2022, under section 202(d) of the National Emergencies Act (50 U.S.C. 1622(d)).

US organizations warned to defend their networks

The Biden admin’s decision follows a “SHIELDS UP!” warning issued by the Cybersecurity and Infrastructure Security Agency (CISA) for all US organizations, asking them to take proactive measures to defend their networks.

“Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners,” CISA says.

“Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks. Every organization—large and small—must be prepared to respond to disruptive cyber incidents.”

In February, CISA and the FBI also warned US orgs that data wiping attacks targeting Ukraine might spill over to targets from other countries.

The joint advisory came on the heels of malware attacks targeting Ukraine with the HermeticWiper malware and ransomware decoys and aiming to destroy data and render targeted devices unbootable.