Critical Infrastructure Security, Governance, Risk and Compliance

Updated US critical infrastructure cyber defense policy unveiled

CISA warns buggy Sophos, Oracle, Microsoft apps join Known Exploited Vulnerabilities list

Significant changes in the cyber threat landscape brought upon by the increasing sophistication of nation-state threat operations, particularly from China, and the advancements in artificial intelligence have prompted the Biden administration to update the over a decade-old critical infrastructure defense policy issued by the Obama administration, according to CNBC.

Under the rewritten policy, the Department of Homeland Security has been tasked to work with the Cybersecurity and Infrastructure Security Agency in overseeing efforts to curtail Chinese cybersecurity threats against the country's critical infrastructure, while U.S. intelligence agencies have been required to share relevant classified information with private critical infrastructure owners and operators. Such a policy also systematizes the role of CISA in defending federal cybersecurity as the agency has only been formed five years after the publication of the Obama-era rule.

"The policy is particularly relevant today, given continued disruptive ransomware attacks, cyberattacks on U.S. water systems by our adversaries," noted a senior Biden administration official.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.