Following high-profile attacks on a major gas pipeline, a water control facility, and other critical infrastructure facilities in recent months, the Biden administration is establishing a new information-sharing and collaboration initiative with the private sector to improve the security of industrial control systems (ICS) and address the latent weaknesses and vulnerabilities in many of those environments.
The initiative is part of a broader effort to upgrade critical infrastructure (CI) security that President Joe Biden laid out in a National Security Memorandum he signed Wednesday. The memo also lays the groundwork for the federal government to create a set of security performance goals for critical infrastructure operators, baseline security practices that should be in place across critical infrastructure sectors. The initial set of performance goals will be published by Sept. 22, with the final goals due by July 2022.
Biden’s critical infrastructure security effort comes two months after the DarkSide ransomware attack on the Colonial Pipeline, an incident that led to a temporary fuel shortage in some southern states and a ransom payment of $4.4 million. The FBI later recovered more than $2 million of that money, but that attack and a subsequent one on meat producer JBS Meats had the effect of galvanizing the administration and spurring action in a number of areas. In a recent conversation with Russian President Vladimir Putin, Biden brought up the issue of ransomware and attacks on critical infrastructure by cybercrime groups based in Russia, and said the U.S. “will take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge.”
In the new memo, Biden emphasizes the need for cooperation between federal agencies and critical infrastructure operators to shore up security in environments such as the electrical grid, water, gas, and others. Earlier this year, the administration began a pilot security improvement program in the electrical sector, and the memo expands that to other critical infrastructure sectors.
“The Initiative builds on, expands, and accelerates ongoing cybersecurity efforts in critical infrastructure sectors and is an important step in addressing these threats. We cannot address threats we cannot see; therefore, deploying systems and technologies that can monitor control systems to detect malicious activity and facilitate response actions to cyber threats is central to ensuring the safe operations of these critical systems,” the memo says.
As part of the initiative, the Department of Homeland Security and the National Institute of Standards and Technology will develop the baseline performance goals for the critical infrastructure sectors. While the goals themselves are still in the beginning stage of development, what they’re meant to accomplish is clear.
“These performance goals should serve as clear guidance to owners and operators about cybersecurity practices and postures that the American people can trust and should expect for such essential services. That effort may also include an examination of whether additional legal authorities would be beneficial to enhancing the cybersecurity of critical infrastructure, which is vital to the American people and the security of our Nation,” the memo says.
Security is difficult in the best of circumstances, and trying to defend a wide range of critical infrastructure networks and facilities that are mostly in private hands is not the best of circumstances. Doing so requires the cooperation of the infrastructure operators and the Cybersecurity and Infrastructure Security Agency (CISA), the federal agency tasked with defending CI networks. Jen Easterly, the newly confirmed director of CISA, said the new initiatives in the memo are welcome additions.
“I commend [Biden] for doubling down on his commitment to bolster critical infrastructure cybersecurity & protect our national critical functions. Recent incidents like the ransomware attacks on Colonial Pipeline & JBS show the urgent need to implement strong security controls,” Easterly said on Twitter.
“We can set the goals, but we need companies to do their part to meet them. The American people are counting on it.”