(Bloomberg) — The Biden administration on Wednesday will release a national security memorandum aimed at improving voluntary cybersecurity standards for companies that provide critical infrastructure.
The memorandum will direct a pair of agencies within the Department of Homeland Security and the Treasury Department to create cybersecurity performance guidelines, according to a senior administration official who briefed reporters under a condition of anonymity. It will also establish a partnership between the federal government and companies that run industrial control systems, with the intention of providing those critical sectors with new tools and technology to defend against cyberattacks.
Such a partnership was informally started as a pilot program for the electricity sector in April, just weeks before Russian hackers executed a ransomware attack against Colonial Pipeline Co. , forcing the company to temporarily shut down the nation’s largest fuel pipeline. Since then, more than 150 power industry utilities have enrolled in the voluntary program, the official said.
The official emphasized that the U.S. government couldn’t protect critical parts of the economy without help from the private sector.
The government is optimistic that compliance with the voluntary guidelines will help companies defend sensitive segments of their computer networks that control industrial operations. Attacks on industrial controls are particularly dangerous and can lead to contaminated water or food supplies, power shutdowns or even cause substations to explode. The U.S. has defined 16 sectors as critical, including dams, energy, critical manufacturing, food and agriculture and water and wastewater systems.
The initiative is also intended to help the U.S. streamline its current patchwork of cybersecurity guidance, standards and regulations that vary by agency and sector, the official said.
President Joe Biden’s memorandum comes a day after members of Congress called for tighter security standards for industrial control security during a Senate Judiciary Committee hearing on ransomware attacks.
Senator Ted Cruz, a Texas Republican, said the president had “responded to an extreme threat with extreme weakness,” while Senator Sheldon Whitehouse, Democrat from Rhode Island, criticized critical infrastructure companies’ inability to meet “basic standards of cyber hygiene.”
Whitehouse also called on the Biden administration to promptly work with lawmakers to move a bill aimed at creating breach reporting requirements for certain companies. The administration official said the administration remains open to other options, including legislation, that would make critical infrastructure guidelines mandatory.
The Biden administration and the Transportation Security Administration have already moved forward plans to tighten security for oil, fuel and natural gas pipelines, including requirements to improve their reporting and reviews of pipeline security. Additional sectors are also likely to receive similar directives before the end of the year, according to the official.
More stories like this are available on bloomberg.com
©2021 Bloomberg L.P.