President Joe Biden signed a memorandum on July 28 that aims to bolster the United States’ critical infrastructure against cyberattacks.
The National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems addresses cybersecurity for critical infrastructure and implements long-overdue efforts to tackle cyber-related threats, according to a senior White House official who spoke with reporters during a briefing call.
The official noted that the purpose of the memorandum is to address what was described as a patchwork of sector-specific and state-level approaches that were adopted in piecemeal fashion over time in response to specific security threats as they arose.
“The cybersecurity threats posed to the systems that control and operate the critical infrastructure on which we all depend are among the most significant and growing issues confronting our Nation,” the memorandum reads.
“The degradation, destruction, or malfunction of systems that control this infrastructure could cause significant harm to the national and economic security of the United States.”
The series of actions in the memorandum seek to modernize existing cybersecurity efforts, while providing for better coordination between federal, state, local, and sectoral initiatives against cyber-threats.
One of the measures the memorandum implements is to direct the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Department of Commerce’s National Institute of Standards and Technology, in collaboration with other agencies, to develop cybersecurity performance goals for the nation’s critical infrastructure.
Under the plan, the secretary of Homeland Security will issue preliminary goals for control systems across critical infrastructure sectors by Sept. 22. This will be followed by final goals within a year of the memorandum’s issuance.
“These performance goals should serve as clear guidance to owners and operators about cybersecurity practices and postures that the American people can trust and should expect for such essential services,” the memorandum reads.
It also formally establishes the Industrial Control System Cybersecurity Initiative, which is a voluntary, collaborative effort between the federal government and the critical infrastructure community, aiming to expand the use of technologies to combat cyber threats.
“The primary objective of this Initiative is to defend the United States’ critical infrastructure by encouraging and facilitating deployment of technologies and systems that provide threat visibility, indications, detection, and warnings, and that facilitate response capabilities for cybersecurity in essential control system and operational technology networks,” the memorandum states.
The memorandum signing comes after Biden warned on July 27 that if the United States ended up in a “real shooting war” with a “major power,” it could come in response to a significant cyber attack.
Cybersecurity has risen to the top of the agenda for the Biden administration after a series of high-profile attacks, including network management company SolarWinds, the Colonial Pipeline company, meat processing firm JBS, and software company Kaseya.