REUTERS
The White House is signaling to critical infrastructure companies in the United States that they must improve their cyber defenses because additional potential regulation is on the horizon.
U.S. President Joe Biden signed a national security memorandum in late July 2021 that launched a new public-private initiative that creates performance controls for cybersecurity at America’s most critical companies, including water treatment and electrical power plants.
The recommendations are voluntary, but the administration hopes it will cause companies to improve their cybersecurity ahead of other policy efforts, a senior administration official said.
The announcement comes after multiple high-profile cyberattacks this year crippled U.S. companies and government agencies, including a ransomware incident that disrupted gasoline supplies.
“These are the thresholds that we expect responsible owners and operators to go,” the official said. “The absence of mandated cybersecurity requirements for critical infrastructure is what in many ways has brought us to the level of vulnerability that we have today.”
Biden warned that if the United States ended up in a “real shooting war” with a major power, it could be the result of a significant cyberattack on the United States, highlighting what Washington sees as a growing threat posed by hackers from Iran, North Korea, the People’s Republic of China and Russia (Pictured: The U.S. is urging energy providers such as this power plant in Adamsville, Alabama, to boost their cyber defenses.)
“The federal government cannot do this alone,” the official said. “Almost 90% of critical infrastructure is owned and operated by the private sector. Securing it requires a whole-of-nation effort.”
The official described the current state of cybersecurity rules for critical infrastructure companies as “patchwork” and “piecemeal.”
“We’ve kicked the can down the road for a long time,” the official said.
IMAGE CREDIT: AFP/GETTY IMAGES