By Daniel Simonds – GTPF

On July 28th, 2021, the White House Published the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. This memorandum is important because it demonstrates that the current administration is aware of the severity of cyber-attacks targeting critical infrastructure, is actively trying to counteract them, and understands which systems used by critical infrastructure sectors need protection.

This memorandum acknowledges that the protection of U.S. critical infrastructure is a responsibility of “the government at the Federal, State, local, tribal, and territorial levels and of the owners and operators of that infrastructure.” This is important because it demonstrates that the Federal Government is invested in protecting critical infrastructure and not leaving it entirely to the private sector.

“Section 1: Policy” of the memorandum demonstrates that the Biden administration understands that cyber-attacks on critical infrastructure can have a “debilitating effect on national security, economic security, public health or safety, or any combination thereof” as it emphasizes that the administration’s policy will have a specific focus on the “cybersecurity and resilience of systems supporting National Critical Functions”.

“Section 2: Industrial Control Systems Cybersecurity Initiative (ICS),” announces a collaborative Federal Government and critical infrastructure ICS security initiative. Notably, this initiative emphasizes the need to defend the United States’ critical infrastructure by “encouraging and facilitating the deployment of technologies and systems that provide threat visibility, indications, detection, and warnings, and that facilitate response capabilities” in ICS environments and vastly expand the deployment of these cybersecurity technologies across U.S. priority critical infrastructures.

“Section 3:  Furthering the Industrial Control Systems Cybersecurity Initiative,” introduces that the implementation of the ICS initiative has already begun with a pilot effort for the Electricity Subsector, and similar efforts for the natural gas pipeline sector, Water and Wastewater Sector Systems, and Chemical Sector will follow later this year 2021. This is important as these are critical infrastructure sectors that globally have been targeted by cyber-attacks. 

“Section. 4.  Critical Infrastructure Cybersecurity Performance Goals,” acknowledges the need for a consistent set of baseline critical infrastructure cybersecurity goals and specific security measures and standards for critical infrastructures dependent on what control systems they use. The effort to create this set of critical infrastructure cybersecurity standards will begin with the Secretary of Homeland Security working with the Secretary of Commerce and other applicable agencies to develop and issue “cybersecurity performance goals for critical infrastructure to further a common understanding of the baseline security practices that critical infrastructure owners and operators should follow to protect national and economic security as well as public health and safety.” This section is important because it promotes the creation of baseline security standards consistent across all critical infrastructure but also acknowledges that the sectors that fall within this framework of critical infrastructure also require different levels and means of protection depending on what control systems they implement as different control systems have different vulnerabilities.                                              

Citations:

“National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.” The White House, The United States Government, 28 July 2021, www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/national-security-memorandum-on-improving-cybersecurity-for-critical-infrastructure-control-systems/.