Biden signed a memorandum formalizing an initiative launched in April to strengthen ICS security.
US President Joe Biden signed a memorandum on the cybersecurity of critical infrastructure. According to the memorandum, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) are tasked with developing cybersecurity standards for organizations managing critical infrastructure.
The memorandum defines and formalizes the initiative launched in April this year to strengthen the security of ICS, which are currently subject to a flurry of attacks from both cybercriminals and government agencies.
In a press briefing, a senior presidential administration official explained that federal cybersecurity regulation in the United States is industry-specific. According to him, the country has a “patchwork quilt of sectoral legislation, which was adopted in parts, usually in response to individual security threats in certain sectors that attracted public attention.” The official also noted that no strategic coordinated cybersecurity requirements for critical infrastructure currently exist.
The memo formalizes the Industrial Control Systems Cybersecurity Initiative, which the White House says is “a voluntary collaborative effort by the federal government and the critical infrastructure community to dramatically improve the cybersecurity of critical systems.”
The first part of the initiative began with the electricity subsector, according to a White House statement. Now the second round is being launched, which includes gas pipelines, and then water purification systems and the chemical industry will follow.
As part of the initiative, more than 150 utilities serving nearly 90 million consumers have deployed or agreed to deploy ICS cybersecurity technologies, according to Biden administration officials.
The White House acknowledged that each organization has different cybersecurity needs, however, mandated CISA and NIST to work together to develop basic cybersecurity standards “consistent across all critical infrastructure sectors” as well as “security controls for selected critical infrastructure dependent from control systems “
The US Department of Homeland Security is to submit preliminary instructions by September 22 this year. The final draft of the rules is due in a year. Sector-specific regulations for critical infrastructure will also be released within one year.
Catch up on more stories here
Follow us on Facebook here