Cyber Security Standards For Critical Infrastructure

The White House is issuing a national security memo instructing the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology to establish cyber security performance goals for private-sector owners and operators of critical infrastructure.

The goal is to set comprehensive expectations for cyber security across all sectors of critical infrastructure at a time when private companies might be more inclined to meet them, a senior administration official told reporters recently.

The official said the administration expects the action will make a difference even though it’s not a requirement because of “the fact that it's being announced by the president in the context of the Transportation Security Administration’s recent mandate, in the context of us openly saying that we really are committed to addressing the limited and piecemeal regulation, in the context of the current environment where the threat is known and seen by critical infrastructure owners and private sectors.” 

“You look at a Colonial Pipeline...  you look at Kaseya, there is now a different threat,” said the official, listing victims of recent ransomware attacks with reverberating effects. “The threats that many people talked about have become real. So we believe these goals will be viewed differently.”

The latest ransomware attack, disclosed earlier this month by Florida-based software provider Kaseya, spread to at least six European countries and breached the networks of thousands across the United States.

In contrast with typical industry reactions to the prospect of government mandates, Colonial Pipeline CEO Joseph Blunt told the Senate Homeland Security Committee having standards to follow would be useful.

The administration’s approach is exemplified by work the Department of Energy is doing to get companies in that sector to put specific technology in place to protect industrial control systems, the official said, noting the cooperation of 150 electric utilities in that effort and that “additional initiatives for other sectors will follow later this year.”

A White House spokesman said the Biden  administration is committed to finding innovative ways of working with the private sector and wants its initial steps to be voluntary but also signaled plans to work with Congress to secure the authority that would allow it to issue broad cybersecurity mandates.

“Short of legislation, there isn't a comprehensive way to require deployment of security technologies and practices that address, really, the threat environment that we see,” the official said. “The absence of mandated cyber security requirements for critical infrastructure is what, in many ways, has brought us to the level of vulnerability we have today.  We're committed to addressing it. We're starting with voluntary, as much as we can because we want to do this in full partnership, but we're also pursuing all options we have in order to make the rapid progress we need.”

White House:    DefenseOne:   NextGov:    CNBC:     Homeland Preparedness:     Yahoo:    Image: Unsplash

You Might Also Read: 

Biden Goes After Chinese & Russian Cyber Attackers:

 

« AI Tool Promises A Medical Revolution
Cyber Attacks May Lead To A “shooting war” »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NQA Certification

NQA Certification

NQA provides certification to a range of ISO standards including ISO 27001 for information security management.

Virus Bulletin

Virus Bulletin

Virus Bulletin is an online security information portal and certification body, providing users with independent intelligence about the latest developments in the global threat landscape.

Redbud

Redbud

Redbud is a specialist search and recruitment firm for Information Security professionals.

evoila

evoila

evoila GmbH is one of the leading providers in consulting, analysis, implementation and management of cloud infrastructure.

Kaymera Technologies

Kaymera Technologies

Kaymera’s comprehensive mobile enterprise security solution defends against all mobile threat and attack vectors.

IS Decisions

IS Decisions

IS Decisions builds affordable and easy-to-use Access Management software solutions, allowing IT teams to effectively secure access to Active Directory infrastructures, SaaS apps and data within.

Akheros

Akheros

Akheros develops cybersecurity learning algorithms which anticipate, detect and prevent offensive and incongruous behaviors of M2M interactions.

Tessian

Tessian

Tessian (formerly CheckRecipient) is a next-generation email security platform that helps enterprises counteract human error and significantly reduce the risk of data loss.

Cloudentity

Cloudentity

Cloudentity combines Identity for all things with API and Application security in a unique deployment model, combining cloud-transformation and legacy systems.

IPification

IPification

IPification is a highly secure, credential-less, network-based authentication solution for frictionless user experience on mobile and IoT devices.

Splone

Splone

Splone is a Berlin-based IT security research team and consultancy. We help improve IT-security by offering red team assements, penetration tests, audits and customized consulting.

Qasky

Qasky

Anhui Qasky Quantum Technology Co. Ltd. (Qasky) is a new high-tech enterprise engaged in quantum information technology industrialization in China.

DeFY Security

DeFY Security

DeFY Security is a Cyber Security solutions provider with more than 20 years of experience securing financial institutions, healthcare, manufacturing and retail.

Singtel Innov8

Singtel Innov8

Singtel Innov8, the venture capital arm of the Singtel Group, invests in and partners with innovative technology start-ups globally.

Threatsys Technologies

Threatsys Technologies

Threatsys’s Integrated cyber security process helps your organizations to ensure that it’s secure from any fraudulent attacks.

Tanzania Industrial Research and Development Organization (TIRDO)

Tanzania Industrial Research and Development Organization (TIRDO)

TIRDO is a multi-disciplinary research and development organization.