In the coming weeks, the US administration is expected to publish a strategy for the cyber security of critical national infrastructures.
For the first time in American history, this will be a comprehensive strategy that will include mandatory regulation. This is unlike any other strategy that includes recommendations for action or an expectation of voluntary cooperation.
Anne Neuberger, President Biden’s deputy adviser for national security and emerging technologies, believes voluntary partnerships aren’t enough to protect the American national infrastructure.
According to the information that continues to be published, the strategy will include reference to the following issues:
– Cyber protection of dams – this is an issue that is considered one of the most complex because the handling of dams as a national infrastructure is divided between the Department of Defense, the Department of Homeland Security, and the Department of the Interior and it is not clear what the minimum standard for security is. This is the place to mention that in 2016 the US convicted hackers linked to the Iranian government for trying to sabotage a dam in New York state.
– Chemical plants – the Department of Homeland Security is responsible for the protection of chemical plants, but the standards for this have not been updated for a long time. The update process is expected to begin this spring.
– The water sector – within the next month, the American Environmental Protection Agency (EPA) is expected to publish a memorandum on the subject. According to senior officials exposed to the document, this is an example of excellent cooperation between the agency and the National Cyber Defense Agency (CISA) in dedicated sector protection.
– The aviation sector – in the coming months, the next steps relevant to the aviation sector will be announced, after the American Transportation Authority will conduct a comprehensive examination to identify gaps in the scope of its personnel and their skills to deal with cyber incidents.
In Israel critical infrastructure has been protected by law for years and doesn’t depend on the “goodwill” of its owners. In this way, dilemmas regarding the distribution of responsibilities among the various sectors were also avoided.
What the full strategy looks like and what the reactions are to it, as well as whether the protection of infrastructure will improve, will be very interesting to observe.
I talked about the topic in Nachshon Pincho’s ICS cyber talks podcast – here is the link: