Cybersecurity for critical infrastructure, CISA and NIST to create benchmarks for organizations managing critical infrastructure
A recent memorandum signed by President Biden has put even more pressure on critical infrastructure organizations to address their cybersecurity issues. In the memorandum, the president orders CISA and NIST to create cybersecurity standards for organizations that manage America’s critical infrastructure. This comes in the wake of large-scale attacks on Colonial Pipeline and JBS Foods that revealed just how few security measures were in place, as well as how damaging the consequences of an attack can be. It also follows the Executive Order from this past May, which points to a clear prioritization of cybersecurity and of securing important industries due to the increasing frequency and scale of cyber attacks.
In the press briefing pertaining to the memorandum, a senior administration official said that there has long been a lack of centralized standards for cybersecurity in critical infrastructure. When there were standards, they were usually sector-specific, and they were often adopted only after an attack happened that garnered public attention. The official said that standards were either sector-specific, mandated under state or local law, or limited and piecemeal, and he described this as “woefully insufficient given the evolving threat we face today.” This memorandum further builds upon the Industrial Control Systems Cybersecurity Initiative, which was made to be a collaborative effort between the federal government and critical infrastructure to improve their cybersecurity. The initiative has already helped over 150 electrical utilities begin to deploy control systems into their cybersecurity practices and will soon begin working with natural gas pipelines. Water, wastewater, and chemical sectors are expected to follow.
While each organization has different needs, the White House still wants some form of standards that “are consistent across all critical infrastructure sectors.” It has ordered CISA and NIST to work together on making these standards, which will then be released by DHS. DHS has until September 22 to release preliminary guidelines and one year to issue the final draft of these guidelines as well as sector-specific rules. The goal is to have these controls implemented across all infrastructure, as stronger standards could have prevented attacks such as the aforementioned Colonial Pipeline and JBS attacks. The act also goes hand-in-hand with a recent directive from DHS requiring more restrictive protections to be put in place for pipelines.
Overall, the combination of all of these recent orders should help bring America’s cybersecurity into a more modern condition.
Written By Michael Honrine