Security News > 2021 > July > 'Woefully insufficient': Biden administration's assessment of critical infrastructure infosec protection

'Woefully insufficient': Biden administration's assessment of critical infrastructure infosec protection
2021-07-29 05:15

The Biden administration has issued a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems to address what it describes as a "Woefully insufficient" security posture.

"The Memorandum was accompanied by transcripts of remarks made by a"Senior administration official" who said the edicts are needed because "We have a patchwork of sector-specific statutes that have been adopted piecemeal, typically in response to discrete security threats in particular sectors that gained public attention.

The Memo outlines plans to change that, with an "Industrial Control Systems Cybersecurity Initiative" that sees government and industry collaborate to define security baselines.

The administration also wants security baselines to become consistent across all critical infrastructure sectors.

The Memo tasks the Secretary of the Department of Homeland Security with issuing preliminary goals for control systems across critical infrastructure sectors no later than September 22, 2021.

Despite the transcript repeatedly referring to a lack of statutes mandating certain security practices, and mentioning recent mandates introduced by the Transportation Security Administration to set security requirements for oil pipeline operators, the Memo doesn't discuss whether critical infrastructure operators need to be compelled to act.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/07/29/biden_memo_on_critical_infrastructure_control_systems_security/