On 28th July, US President Joe Biden signed a memorandum to improve cybersecurity in light of the many high-profile cases. A press release issued by the White House makes it very clear that this is a top priority, especially for the United States.
“Protection of our Nation’s critical infrastructure is a responsibility of the government at the Federal, State, local, tribal, and territorial levels and of the owners and operators of that infrastructure. The cybersecurity threats posed to the systems that control and operate the critical infrastructure on which we all depend are among the most significant and growing issues confronting our Nation.” (via a White House press release entitled “National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems”)
The National Security Memorandum (NSM) on “Improving Cybersecurity for Critical Infrastructure Control Systems,” signed by President Biden, is long overdue after major incidents like the JBS and Colonial Pipeline attacks. The Colonial Pipeline incident, in particular, had the whole East Coast on its knees, so it is critical for the Biden Administration to take strict action to prevent any more such incidents in the future.
It is common knowledge that the current cybersecurity regulations in the US are sectoral in nature, i.e., all the statutes related to cybersecurity are very sector-specific. This system has been around for a while, and it is about time that new approaches were considered in today’s evolving scenario.
What the Memorandum contains
The National Security Memorandum, as mentioned before, has been long overdue in these pressing times. As the name suggests, the aim of the memorandum is to help organizations that handle critical infrastructure, such as pipelines, better prepare themselves for cyber threats.
The first aspect of the memorandum is that it directs the Cybersecurity and Infrastructure Security Agency (CISA, a body under the Department of Homeland Security) and the National Institute of Standards and Technology (NIST, a body under the Department of Commerce) to develop “cybersecurity performance goals”. The intention is to guide companies in keeping up standards while strengthening their cybersecurity.
The next important aspect of the memorandum is the establishment of the President’s Industrial Control System Cybersecurity (ICS) Initiative. The initiative focuses on collaborative efforts with the critical infrastructure community to deploy systems that ensure threat visibility and warnings.
This is more of a formal establishment of the ICS initiative, which started in mid-April and already has over 150 electricity utilities representing close to 90 million residential customers. These customers in the electricity subsector have voluntarily agreed to deploy control system cybersecurity technologies in collaboration with the ICS initiative.
Previous efforts leading up to the NSM
Following the Colonial Pipeline and JBS attacks, the Department of Homeland Security (DHS) issued a statement directing the owners of critical pipeline infrastructure to report cybersecurity incidents, designate a Cybersecurity Coordinator, and conduct reviews of their present cybersecurity efforts.
Another directive from the Department of Homeland Security will require companies handling critical pipeline infrastructure to implement specific “mitigation measures” to protect themselves against ransomware attacks and other known threats to their data and technologies.
The directives also instruct the companies to come up with recovery and contingency plans for such attacks. The last measure is to conduct an “Annual Cybersecurity Architecture Design Review”. This is especially important at a time when technology is always developing, including the technology used for cyberattacks.
All of the efforts of the Biden Administration, including the Memorandum, the ICS initiative, and the aforementioned directives by the DHS, contribute to a focused and continuing effort to tackle the significant cyberthreats to critical sectors of the nation.
“The recommendations are voluntary in nature, but the administration hopes it will cause companies to improve their cybersecurity ahead of other policy efforts. We are pursuing all options we have in order to make the rapid progress we need.” (via the statement of a senior White House official to Reuters)