In a national security memorandum released Wednesday, President Biden announced a new government initiative to improve the cybersecurity of critical infrastructure. The memorandum also asks the federal government to develop cybersecurity goals the infrastructure sector might aim to reach.
The Industrial Control System Cybersecurity Initiative will be a voluntary collaboration between the government and critical infrastructure sectors to "defend the United States’ critical infrastructure by encouraging and facilitating deployment of technologies and systems that provide threat visibility, indications, detection, and warnings, and that facilitate response capabilities for cybersecurity in essential control system and operational technology networks."
It will approach that on a sector-by-sector basis through the established Sector Risk Management Agencies.
Bolstering OT network visibility will be a key component of the plan, with hopes of improving the collective defense through information sharing.
This effort is based on similar sectoral initiatives implemented earlier in the year for the energy grid, and oil and gas pipelines, which the memorandum refers to as pilot programs.
The memorandum also instructs the Department of Homeland Security and National Institute of Standards and Technology to develop "cybersecurity performance goals for critical infrastructure to further a common understanding of the baseline security practices that critical infrastructure owners and operators should follow to protect national and economic security, as well as public health and safety."
DHS and NIST are instructed to have general goals available by Sept. 22, with sector-specific goals following within a year.
The memorandum immediately drew praise from Sen. Mark Warner, D-Va.
"I applaud the Biden administration for taking additional steps to secure our critical infrastructure and bolster our cybersecurity standards after a wave of cyberattacks," he said in a statement. "As the administration noted, we know that in order to mitigate the aftermath of these cyberattacks, we need open communication and transparency from affected entities to better anticipate and respond to these national security threats."
Warner continued on to say the goals of this memorandum dovetail nicely with his recently introduced bill to mandate more communication from various critical enterprises about cyber incidents with national security implications.