The White House released a National Security Memorandum (NSM) today containing a new set of actions aimed at strengthening cybersecurity efforts to protect United States critical infrastructure amid the growing number of cyber threats and cyberattacks.
The NSM directs the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Commerce’s National Institute of Standards and Technology (NIST), in collaboration with other agencies, to develop cyber performance standards for critical infrastructure.
“We expect those standards will assist companies responsible for providing essential services like power, water, and transportation to strengthen their cybersecurity,” the White House said in a July 28 press release.
The NSM also officially establishes the President’s Industrial Control System Cybersecurity (ICS) Initiative.
“The ICS initiative is a voluntary, collaborative effort between the Federal government and the critical infrastructure community to facilitate the deployment of technology and systems that provide threat visibility, indicators, detections, and warnings,” the White House said. “The Initiative began in mid-April with an Electricity Subsector pilot, and already over 150 electricity utilities representing almost 90 million residential customers are either deploying or have agreed to deploy control system cybersecurity technologies.”
The White House noted it is currently developing an action plan for natural gas pipelines as well, and “additional initiatives for other sectors will follow later this year.”
Additionally, the White House noted that the second security directive from DHS’s Transportation Security Administration (TSA), released last week, will also require owners and operators of pipelines to implement a series of cybersecurity protections.
The security directive requires owners and operators of TSA-designated critical pipelines to implement urgently needed protections against cyber intrusions, including ransomware attacks. In addition, it aims to develop and implement a cybersecurity contingency and recovery plan and conduct an annual cybersecurity architecture design review.
“Given the evolving threat we face today, we must consider new approaches, both voluntary and mandatory,” the White House said. “We look to responsible critical infrastructure owners and operators to follow voluntary guidance as well as mandatory requirements in order to ensure that the critical services the American people rely on are protected from cyber threats.”