Cyber Security Standards For Critical Infrastructure

The White House is issuing a national security memo instructing the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology to establish cyber security performance goals for private-sector owners and operators of critical infrastructure.

The goal is to set comprehensive expectations for cyber security across all sectors of critical infrastructure at a time when private companies might be more inclined to meet them, a senior administration official told reporters recently.

The official said the administration expects the action will make a difference even though it’s not a requirement because of “the fact that it's being announced by the president in the context of the Transportation Security Administration’s recent mandate, in the context of us openly saying that we really are committed to addressing the limited and piecemeal regulation, in the context of the current environment where the threat is known and seen by critical infrastructure owners and private sectors.” 

“You look at a Colonial Pipeline...  you look at Kaseya, there is now a different threat,” said the official, listing victims of recent ransomware attacks with reverberating effects. “The threats that many people talked about have become real. So we believe these goals will be viewed differently.”

The latest ransomware attack, disclosed earlier this month by Florida-based software provider Kaseya, spread to at least six European countries and breached the networks of thousands across the United States.

In contrast with typical industry reactions to the prospect of government mandates, Colonial Pipeline CEO Joseph Blunt told the Senate Homeland Security Committee having standards to follow would be useful.

The administration’s approach is exemplified by work the Department of Energy is doing to get companies in that sector to put specific technology in place to protect industrial control systems, the official said, noting the cooperation of 150 electric utilities in that effort and that “additional initiatives for other sectors will follow later this year.”

A White House spokesman said the Biden  administration is committed to finding innovative ways of working with the private sector and wants its initial steps to be voluntary but also signaled plans to work with Congress to secure the authority that would allow it to issue broad cybersecurity mandates.

“Short of legislation, there isn't a comprehensive way to require deployment of security technologies and practices that address, really, the threat environment that we see,” the official said. “The absence of mandated cyber security requirements for critical infrastructure is what, in many ways, has brought us to the level of vulnerability we have today.  We're committed to addressing it. We're starting with voluntary, as much as we can because we want to do this in full partnership, but we're also pursuing all options we have in order to make the rapid progress we need.”

White House:    DefenseOne:   NextGov:    CNBC:     Homeland Preparedness:     Yahoo:    Image: Unsplash

You Might Also Read: 

Biden Goes After Chinese & Russian Cyber Attackers:

 

« AI Tool Promises A Medical Revolution
Cyber Attacks May Lead To A “shooting war” »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Indelible Data

Indelible Data

Indelible Data is an established information security and technology consultancy and a Cyber Essentials Certification Body.

Forensic Control

Forensic Control

Forensic Control specialise in providing simple & straightforward Cyber Security to organisations, helping them assess, prevent and respond to cyber threats.

NetMotion Software

NetMotion Software

NetMotion Software specializes in mobile performance management solutions to manage, secure and support the mobile enterprise.

Dispersive Networks

Dispersive Networks

Dispersive Virtual Network is a carrier-grade software-defined programmable network that is inspired by battlefield-proven wireless radio techniques.

ShadowDragon

ShadowDragon

ShadowDragon develops digital tools that simplify the complexities of modern investigations that involve multiple online environments and technologies.

CONCORDIA

CONCORDIA

Concordia is a Cybersecurity Competence Network with leading research, technology, and competences to build the European Secure, Resilient and Trusted Ecosystem.

Virtue Security

Virtue Security

Virtue Security are specialists in web application penetration testing.

AlJammaz Technologies

AlJammaz Technologies

AlJammaz Technologies is the leading Technology Value-Added Distributor, which distributes advanced technology products, solutions and services in area including networking and cybersecurity.

Grip Security

Grip Security

Grip Security provides comprehensive visibility, governance and data security to help enterprises effortlessly secure a burgeoning and chaotic SaaS ecosystem.

CyNam

CyNam

CyNam is a platform for enabling the growth and development of people and organisations within Cheltenham’s flourishing cyber technology ecosystem.

ERCOM

ERCOM

Ercom, a subsidiary of the Thales Group, is a French company known for its mobility security solutions.

Evervault

Evervault

Evervault provides engineers easy solutions to complex data security and compliance problems.

Oleria Security

Oleria Security

Oleria is the only adaptive and autonomous security solution that helps organizations accelerate at the pace of change, trusting that data is protected.

GitLab

GitLab

GitLab is a complete DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software.

MARS Suite

MARS Suite

MARS Suite is your all-in-one solution for cyber protection & compliance. Cybersecurity and risk management is what we do best. And we’re making it simple and easy.

Ekinops

Ekinops

Ekinops is a leading provider of open, trusted and innovative network connectivity solutions to service providers around the world.