Security News > 2021 > July > 'Woefully insufficient': Biden administration's assessment of critical infrastructure infosec protection
!['Woefully insufficient': Biden administration's assessment of critical infrastructure infosec protection](/static/build/img/news/alt/cyberattack-stats-medium.jpg)
The Biden administration has issued a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems to address what it describes as a "Woefully insufficient" security posture.
"The Memorandum was accompanied by transcripts of remarks made by a"Senior administration official" who said the edicts are needed because "We have a patchwork of sector-specific statutes that have been adopted piecemeal, typically in response to discrete security threats in particular sectors that gained public attention.
The Memo outlines plans to change that, with an "Industrial Control Systems Cybersecurity Initiative" that sees government and industry collaborate to define security baselines.
The administration also wants security baselines to become consistent across all critical infrastructure sectors.
The Memo tasks the Secretary of the Department of Homeland Security with issuing preliminary goals for control systems across critical infrastructure sectors no later than September 22, 2021.
Despite the transcript repeatedly referring to a lack of statutes mandating certain security practices, and mentioning recent mandates introduced by the Transportation Security Administration to set security requirements for oil pipeline operators, the Memo doesn't discuss whether critical infrastructure operators need to be compelled to act.
News URL
Related news
- Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool (source)
- Ransomware continues to pile on costs for critical infrastructure victims (source)
- Two Russians sanctioned over cyberattacks on US critical infrastructure (source)
- New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure (source)
- Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249) (source)
- Critical Flaw in Acronis Cyber Infrastructure Exploited in the Wild (source)