President Biden's list of 16 key infrastructure entities that are "off-limits" to Russian cyberattacks has effectively given the Russians a green light to target everything not on that list without facing serious repercussions, national security experts and senior Republicans tell Fox News.
Russian cybercriminals are believed to be behind a pair of recent cyberattacks targeting the Colonial Pipeline and meat-processing company JBS Holdings. Both companies paid multi-million dollar ransoms to regain access to their systems.
Biden told reporters Wednesday he gave President Vladimir Putin a list of 16 critical infrastructure entities that are "off limits" to a Russian cyberattack: "I talked about the proposition that certain critical infrastructure should be off limits to attack — period — by cyber or any other means. I gave them a list, if I’m not mistaken — I don't have it in front of me — 16 specific entities; 16 defined as critical infrastructure under U.S. policy, from the energy sector to our water systems."
Biden's "off-limits" list has led experts and members of Congress to question whether everything not on the list is therefore fair game for attacks.
"As soon as you draw red circles around things you don't want Russia to attack, you're both telling Russia what is most valuable to you and that they can attack anything else without serious consequence," Rebecca Heinrichs, a senior fellow at the Hudson Institute, told Fox News.
"It could actually entice Russia to increase attacks against all the other entities besides those 16 things. We should be complicating Russia’s calculations not making them simpler and certainly not essentially green-lighting any kinds of attacks," Heinrichs added.
"I'm very circumspect about Biden’s actions in this summit because we're supposed to impose costs when cyberattacks occur and when they meet a level of attribution to a state," said Kara Frederick, a research fellow in technology policy at the Heritage Foundation.
"Most cyber criminals in Russia operate with tacit state approval," Frederick noted. "Instead of painting a target on 16 of these things, we should be disrupting their networks," she added.
Those criticisms were echoed by a long list of Republicans on Capitol Hill, whose reactions to Biden's list ranged from incredulity to anger.
Sen. Ron Johnson, R-Wis., told Fox News on Thursday that it appears Biden "has drawn red lines with Putin that he now must enforce" and said the president's "demand" for Russia to "cease cyberattacks on only 16 economic sectors was truly bizarre."
"Together with deciding not to impose sanctions to halt the completion of the Nord Stream 2 pipeline, his limited demand on cyberattacks signals weakness that our adversaries will notice and take advantage of," said Johnson, who sits on the Senate Homeland Security and Governmental Affairs Committee.
"President Biden's summit with Russian President Vladimir Putin confirmed our worst fear: he is too weak to stand up to adversaries," Rep. Elise Stefanik, R-N.Y., told Fox News.
"President Biden effectively gave our adversaries the green light to launch cyberattacks on Americans. All of America should be off limits from Russian-backed cyberattacks, not just the critical infrastructure," added Stefanik, who chairs the House Republican Conference.
"President Biden can't help signaling weakness, even by accident," Senator Ted Cruz, R-Texas, told Fox News. "All of America's critical infrastructure is off-limits to Putin."
Oklahoma Sen. James Lankford, a member of the Senate Homeland Security Committee, said that Biden announcing his "off-limits" list to the world was "stunning" and "jarring."
"I think he should have brought a map of the United States and just said, ‘Here's everything you can't attack,’" Lankford said Thursday on Fox Business' Mornings with Maria. Instead, Lankford said, Biden effectively communicated to the Russians that "you can attack these other areas."
Texas Rep. August Pfluger, who sits on the House Homeland Security Committee, said that Biden is "permitting Putin to harbor cybercriminals who are operating indiscriminately within Russia’s border to advance his malign agenda."
"If our critical infrastructure is to be secured and protected, this must be addressed. I have severe doubts of the effectiveness of handing Putin an ‘off-limits’ list," Pfluger continued. "Energy security is national security, and likewise, the U.S. must protect our agriculture production and food supply."
South Carolina Rep. Ralph Norman, another member of the House Homeland Security Committee, called Biden's list "an insult to the American people." The president "should have made it abundantly clear that the United States will not tolerate cyberattacks of any kind," Norman said.
"The tensions on the cyberattack issues were clear; President Biden said, ‘please don’t attack us,’ not ‘here’s what the United States is going to do about this,'" Florida Rep. Cat Kammack, who also sits on the House Homeland Security Committee, told Fox News.
Michigan Rep. Peter Meijer told Fox News that every "American individual and entity should be off limits from Russian-based hackers," adding that America needs "to use the full weight of our national security apparatus to punish any who attack our country."
"The 16 CISA-designated sectors are critical to protect, but no area should be left unprotected from cyber-attacks," Meijer added.
"This is yet another example of President Biden’s lack of judgment, especially when it comes to dealing with our adversaries," Florida Rep. Carlos Gimenez told Fox News. "The Russians need to know that all Americans are off-limits from their cyber attacks, not just Biden's select few."
"Instead of submitting a list of 16 off-limit items, President Biden should've made clear that any cyberattack on America is unacceptable and that those responsible will be held to account for their actions. Giving Putin a list was weak," Tennessee Rep. Diana Harshbarger told Fox News
North Carolina Rep. Dan Bishop similarly said that every piece and sector of American infrastructure "should be off-limits to cyberattacks."
"This is not up for debate and President Biden should have made that clear. Weakness on the international stage has severe consequences," Bishop added.
"All of America should be protected from Russian hack, and our President should have made it very clear that any Russia-based cyber attack would face immediate response from the United States," Rep. Clay Higgins, R-La., told Fox News.
"Instead of drawing a hard line, Biden declared open season on every industry not included in CISA’s definition of critical infrastructure," Higgins added. "We should not condone any form of Russian aggression against U.S. interests. We should have a policy of zero tolerance."
Rep. Andrew Clyde, R-Ga., told Fox News that Biden's list "is nothing more than an ornately wrapped present that was hand-delivered to the Kremlin."
The White House did not return Fox News’ request for comment.
Fox News’ Cameron Cawthorne, Peter Hasson and Morgan Phillips contributed reporting.