President Joe Biden is urging power plants, water treatment plants, and other US infrastructure linchpins to bolster their cyber defenses because stricter regulations are likely on the way.
The president signed a national security memorandum Wednesday, launching an initiative to establish “performance controls” for cyber security at these critical companies and utilities.
These recommendations are voluntary, but the White House hopes they’ll spur private companies to strengthen their cyber security, senior administration officials told Reuters.
This initiative comes after a number of high-profile cyber attacks have hit US companies and government agencies, including a ransomware attack that disrupted gasoline supplies in the southeast US.
“These are the thresholds that we expect responsible owners and operators to go by,” a White House official said. “The absence of mandated cyber security requirements for critical infrastructure is what in many ways has brought us to the level of vulnerability that we have today.”
The initiative to improve cyber security defenses will be a public-private partnership, the White House said. Officials describe the current state of cyber security rules for critical infrastructure companies as “patchwork” and “piecemeal.”
“The federal government cannot do this alone,” the official said. “Almost 90% of critical infrastructure is owned and operated by the private sector.”
“We’ve kicked the can down the road for a long time.”
On Tuesday, Biden warned if the United States ended up in a “real shooting war” with a “major power,” it could be the result of a significant cyber attack. The federal government sees a growing threat posed by hackers from Russia, China, Iran, and North Korea.
Earlier this month, the White House urged mayors to meet with their state government cyber security chiefs to reassess security postures in light of recent ransomware attacks.
Earlier this month, a report from Trend Micro found that 84% of US organizations have reported phishing or ransomware security incidents in the last 12 months. The research also found that half of US organizations are not effective at countering phishing and ransomware threats.
