Cyber Security Standards For Critical Infrastructure

The White House is issuing a national security memo instructing the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology to establish cyber security performance goals for private-sector owners and operators of critical infrastructure.

The goal is to set comprehensive expectations for cyber security across all sectors of critical infrastructure at a time when private companies might be more inclined to meet them, a senior administration official told reporters recently.

The official said the administration expects the action will make a difference even though it’s not a requirement because of “the fact that it's being announced by the president in the context of the Transportation Security Administration’s recent mandate, in the context of us openly saying that we really are committed to addressing the limited and piecemeal regulation, in the context of the current environment where the threat is known and seen by critical infrastructure owners and private sectors.” 

“You look at a Colonial Pipeline...  you look at Kaseya, there is now a different threat,” said the official, listing victims of recent ransomware attacks with reverberating effects. “The threats that many people talked about have become real. So we believe these goals will be viewed differently.”

The latest ransomware attack, disclosed earlier this month by Florida-based software provider Kaseya, spread to at least six European countries and breached the networks of thousands across the United States.

In contrast with typical industry reactions to the prospect of government mandates, Colonial Pipeline CEO Joseph Blunt told the Senate Homeland Security Committee having standards to follow would be useful.

The administration’s approach is exemplified by work the Department of Energy is doing to get companies in that sector to put specific technology in place to protect industrial control systems, the official said, noting the cooperation of 150 electric utilities in that effort and that “additional initiatives for other sectors will follow later this year.”

A White House spokesman said the Biden  administration is committed to finding innovative ways of working with the private sector and wants its initial steps to be voluntary but also signaled plans to work with Congress to secure the authority that would allow it to issue broad cybersecurity mandates.

“Short of legislation, there isn't a comprehensive way to require deployment of security technologies and practices that address, really, the threat environment that we see,” the official said. “The absence of mandated cyber security requirements for critical infrastructure is what, in many ways, has brought us to the level of vulnerability we have today.  We're committed to addressing it. We're starting with voluntary, as much as we can because we want to do this in full partnership, but we're also pursuing all options we have in order to make the rapid progress we need.”

White House:    DefenseOne:   NextGov:    CNBC:     Homeland Preparedness:     Yahoo:    Image: Unsplash

You Might Also Read: 

Biden Goes After Chinese & Russian Cyber Attackers:

 

« AI Tool Promises A Medical Revolution
Cyber Attacks May Lead To A “shooting war” »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Security Stronghold

Security Stronghold

Security Stronghold is focused on protecting computers from malicious programs like viruses, Trojans, spyware, adware, trackware, keyloggers and other kinds of online threats.

IGEL Technology

IGEL Technology

IGEL Technology is one of the world's leading thin client vendors. Thin clients increase data security and compliance.

Dtex Systems

Dtex Systems

Dtex combines endpoint visibility, targeted analytics, and analyst expertise to provide user threat detection.

Alan Turing Institute

Alan Turing Institute

Alan Turing Institute is the UK national institute for data science. A major focus is Big Data analysis with applications including cyber security.

Zanasi & Partners

Zanasi & Partners

Zanasi & Partners is a security research and advisory company active in the EU and MENA areas. Services focus on technology solutions.

Codified Security

Codified Security

Codified is a testing platform for mobile application software. We make it easier than ever for companies to detect and fix security vulnerabilities and ensure their applications are compliant.

HelpSystems

HelpSystems

HelpSystems provides easy-to-use software for cybersecurity, IT operations management and monitoring, business intelligence, and document management.

ICS-CSR

ICS-CSR

ICS-CSR is a research conference bringing together researchers with an interest in the security of industrial control systems.

Blockchain Formula

Blockchain Formula

Blockchain Formula are leaders in Blockchain Application Development. Our services have led clients around the globe in innovating blockchain networks and solutions.

Fairfirst Insurance

Fairfirst Insurance

Fairfirst Cyber Insurance protects your business assets against the complexity of cyber threats.

NeuVector

NeuVector

NeuVector, the leader in Full Lifecycle Container Security, delivers uncompromising end-to-end security from DevOps vulnerability protection to complete protection in production.

Contechnet Deutschland

Contechnet Deutschland

Contechnet Deutschland started as a specialist in the area of IT disaster recovery and has since broadened its portfolio into information security and data protection.

Sunartek Labs

Sunartek Labs

Sunartek are equipped with expert resources and advanced technology to identify cyber threats and prevent any breach, bypassing the security network of your organization.

HKR Trainings

HKR Trainings

HKR Trainings provide you the best online classes with high quality facilities at a low price without any compromise on quality. Certifications cover a wide range of areas including cybersecurity.

Seemplicity

Seemplicity

Seemplicity revolutionizes the way security teams work by automating, optimizing and scaling all risk reduction workflows in one workspace.

MoogleLabs

MoogleLabs

MoogleLabs leverage AI/ML, Blockchain, DevOps, and Data Science to come up with the best solutions for diverse businesses.