Cyber Security Standards For Critical Infrastructure

Uploaded on 2021-08-04 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Transport & Travel, BUSINESS-Services-IT & Telecoms, BUSINESS-Production-Utilities, BUSINESS-Production-Manufacturing, BUSINESS-Production-Energy

The White House is issuing a national security memo instructing the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology to establish cyber security performance goals for private-sector owners and operators of critical infrastructure.

The goal is to set comprehensive expectations for cyber security across all sectors of critical infrastructure at a time when private companies might be more inclined to meet them, a senior administration official told reporters recently.

The official said the administration expects the action will make a difference even though it’s not a requirement because of “the fact that it's being announced by the president in the context of the Transportation Security Administration’s recent mandate, in the context of us openly saying that we really are committed to addressing the limited and piecemeal regulation, in the context of the current environment where the threat is known and seen by critical infrastructure owners and private sectors.” 

“You look at a Colonial Pipeline...  you look at Kaseya, there is now a different threat,” said the official, listing victims of recent ransomware attacks with reverberating effects. “The threats that many people talked about have become real. So we believe these goals will be viewed differently.”

The latest ransomware attack, disclosed earlier this month by Florida-based software provider Kaseya, spread to at least six European countries and breached the networks of thousands across the United States.

In contrast with typical industry reactions to the prospect of government mandates, Colonial Pipeline CEO Joseph Blunt told the Senate Homeland Security Committee having standards to follow would be useful.

The administration’s approach is exemplified by work the Department of Energy is doing to get companies in that sector to put specific technology in place to protect industrial control systems, the official said, noting the cooperation of 150 electric utilities in that effort and that “additional initiatives for other sectors will follow later this year.”

A White House spokesman said the Biden  administration is committed to finding innovative ways of working with the private sector and wants its initial steps to be voluntary but also signaled plans to work with Congress to secure the authority that would allow it to issue broad cybersecurity mandates.

“Short of legislation, there isn't a comprehensive way to require deployment of security technologies and practices that address, really, the threat environment that we see,” the official said. “The absence of mandated cyber security requirements for critical infrastructure is what, in many ways, has brought us to the level of vulnerability we have today.  We're committed to addressing it. We're starting with voluntary, as much as we can because we want to do this in full partnership, but we're also pursuing all options we have in order to make the rapid progress we need.”

White House:    DefenseOne:   NextGov:    CNBC:     Homeland Preparedness:     Yahoo:    Image: Unsplash

You Might Also Read: 

Biden Goes After Chinese & Russian Cyber Attackers:

 

« AI Tool Promises A Medical Revolution
Cyber Attacks May Lead To A “shooting war” »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Tinfoil Security

Tinfoil Security

Tinfoil is a simple, developer friendly service that lets you scan your website for vulnerabilities and fix them quickly and easily.

MIT Internet Policy Research Initiative (IPRI)

MIT Internet Policy Research Initiative (IPRI)

IPRI's mission is to work with policy makers and technologists to increase the trustworthiness and effectiveness of interconnected digital systems

ESTsecurity

ESTsecurity

ESTsecurity is a leading company in cyber security providing intelligent security solutions to make world more secure.

DTS Solution

DTS Solution

DTS Solution delivers advanced cyber security solutions through is technology partnerships with industry leading security vendors and advanced consulting services.

Shift Technology

Shift Technology

Shift Technology provides insurance companies with an innovative SaaS solution to improve and scale fraud detection.

Network Box

Network Box

Network Box is one of the world's leading Managed Security Service Providers.

Cynerio

Cynerio

Cynerio develops cybersecurity protections for medical devices, comparing network behavior with a database of medical workflows.

Chronicle

Chronicle

Chronicle products combine intelligence about global threats in the wild, threats inside your network, and unique signals about both.

Procsima Group

Procsima Group

Procsima Group was created to help you achieve good IT management and security excellence.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Egnyte

Egnyte

Egnyte delivers secure content collaboration, compliant data protection and simple infrastructure modernization; all through a single SaaS solution.

YL Ventures

YL Ventures

YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead.

Human Security

Human Security

Human (formerly White Ops) Bot Mitigation Platform enables complete protection from sophisticated bot attacks across advertising, marketing and cybersecurity.

ECHO Project

ECHO Project

The main objective of ECHO is to strengthen the cyber defence of the European Union, enhancing Europe’s technological sovereignty through effective and efficient multi-sector collaboration.

comforte AG

comforte AG

comforte AG is a leading provider of data-centric security technology. Organizations worldwide rely on our tokenization and format-preserving encryption capabilities to secure personal, sensitive data

Security BSides Cayman Islands

Security BSides Cayman Islands

Security BSides is a non-profit, community-driven event built for and by information security community members. Our aim is to help build an Information Security community in the Cayman Islands.