Critical Infrastructure Security, Governance, Risk and Compliance, Threat Intelligence

Shortcomings of updated US critical infrastructure defense policy evaluated

An aerial view of the Pentagon.

While the Biden administration has tweaked an Obama-era critical infrastructure defense policy to reflect the evolving cybersecurity threat landscape, such an update's failure to expand the scope of critical infrastructure to include cloud computing or space systems has been regarded by experts to be a significant limitation, CyberScoop reports.

"This review is 11 years after the first PPD-21 — to argue and to think that there's been no changes across those sectors in 11 years… that's disappointing," said Foundation for Defending Democracy's Center on Cyber and Technology Innovation Director Annie Fixler.

While Fixler and former Cybersecurity and Infrastructure Security Agency National Risk Management Center Director Bob Kolasky praised the official designation of CISA as the national coordinator of cybersecurity under the directive, the agency was noted by Fixler to still be limited in its operations by Congress. Moreover, implementation of the directive could also prove to be challenging amid the upcoming polls, she added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.