Cyber Security Standards For Critical Infrastructure

The White House is issuing a national security memo instructing the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology to establish cyber security performance goals for private-sector owners and operators of critical infrastructure.

The goal is to set comprehensive expectations for cyber security across all sectors of critical infrastructure at a time when private companies might be more inclined to meet them, a senior administration official told reporters recently.

The official said the administration expects the action will make a difference even though it’s not a requirement because of “the fact that it's being announced by the president in the context of the Transportation Security Administration’s recent mandate, in the context of us openly saying that we really are committed to addressing the limited and piecemeal regulation, in the context of the current environment where the threat is known and seen by critical infrastructure owners and private sectors.” 

“You look at a Colonial Pipeline... you look at Kaseya, there is now a different threat,” said the official, listing victims of recent ransomware attacks with reverberating effects. “The threats that many people talked about have become real. So we believe these goals will be viewed differently.”

The latest ransomware attack, disclosed earlier this month by Florida-based software provider Kaseya, spread to at least six European countries and breached the networks of thousands across the United States.

In contrast with typical industry reactions to the prospect of government mandates, Colonial Pipeline CEO Joseph Blount told the Senate Homeland Security Committee that having standards to follow would be useful.

The administration’s approach is exemplified by work the Department of Energy is doing to get companies in that sector to put specific technology in place to protect industrial control systems, the official said, noting the cooperation of 150 electric utilities in that effort and that “additional initiatives for other sectors will follow later this year.”

A White House spokesman said the Biden administration is committed to finding innovative ways of working with the private sector and wants its initial steps to be voluntary, but also signaled plans to work with Congress to secure the authority that would allow it to issue broad cybersecurity mandates.

“Short of legislation, there isn't a comprehensive way to require deployment of security technologies and practices that address, really, the threat environment that we see,” the official said. “The absence of mandated cyber security requirements for critical infrastructure is what, in many ways, has brought us to the level of vulnerability we have today. We're committed to addressing it. We're starting with voluntary, as much as we can because we want to do this in full partnership, but we're also pursuing all options we have in order to make the rapid progress we need.”

Sources: White House, DefenseOne, NextGov, CNBC, Homeland Preparedness, Yahoo. Image: Unsplash
