usa

Biden Pushes Cybersecurity Upgrades For Critical Infrastructure After Recent Hacks

biden-pushes-cybersecurity-upgrades-for-critical-infrastructure-after-recent-hacks

Fuel holding tanks are pictured at Colonial Pipeline’s Dorsey Junction Station in Woodbine, Maryland in May 2021, the month that a cyberattack disrupted gas supply to the eastern U.S. for several days. Drew Angerer/Getty Images hide caption

toggle caption

Drew Angerer/Getty Images

Fuel holding tanks are pictured at Colonial Pipeline’s Dorsey Junction Station in Woodbine, Maryland in May 2021, the month that a cyberattack disrupted gas supply to the eastern U.S. for several days.

Drew Angerer/Getty Images

President Biden just signed a national security directive aimed at boosting defenses against ransomware attacks and the hacking of critical infrastructure like energy, food, water and power systems.

The directive sets performance standards for technology and systems used by private companies in those sectors — though it can’t force those companies to comply.

As Cyberattacks Surge, Biden Is Seeking To Mount A Better Defense

The memorandum follows a series of high-profile attacks on a major pipeline and the country’s biggest meat supplier (those have been linked to groups operating in Russia, and Biden says he raised the issue with Russian President Vladimir Putin when they met last month).

A senior administration official, speaking on condition of anonymity, told reporters that the new standards will be voluntary.

For reference, almost 90% of the country’s critical infrastructure is owned and run by the private sector, and the government has limited authority over their cybersecurity requirements.

But the official says the Biden administration may pursue legislative options, with help from Congress, to require the kind of technological improvements that would defend against such cyberattacks.

Hacks Are Prompting Calls For A Cyber Agreement, But Reaching One Would Be Tough

“Short of legislation, there isn’t a comprehensive way to require deployment of security technologies and practices that address the threat environment that we face,” they added.

For now: The government may draw up the standards, but it’s up to private companies to decide whether to follow them.

Leave a Reply

Your email address will not be published. Required fields are marked *