In an effort to promote cybersecurity and raise awareness of the physical and digital threats to critical infrastructure, President Biden has declared that November will be “Critical Infrastructure Security and Resilience” month. The announcement reaffirms the White House’s commitment to strengthening critical infrastructure “by building better roads, bridges, and ports; fortifying our information technology and cybersecurity across sectors, including election systems; safeguarding our food and water sources; moving to clean energy; and strengthening all other critical infrastructure sectors”.
These actions will help to maintain and establish better connections between federal agencies and private companies, which operate most of the “critical infrastructure” in the United States. Along with the announcement of Critical Infrastructure Security and Resilience Month, President Biden has stated that the White House will lay out international standards required for cybersecurity.
The Cybersecurity and Infrastructure Agency, part of the Department of Homeland Security, has recently urged all private organizations in charge of critical infrastructure to strengthen their cybersecurity protocols, which may include preparedness training, implementing the latest technical and physical safeguards, and considering how their infrastructure may be vulnerable to attack.
In line with this messaging and the broader push from the Whitehouse towards better cybersecurity, CISA has published a set of performance goals for critical infrastructure organizations. These voluntary goals were written to help organizations achieve minimum security standards, and are “a prioritized subset of IT and operational technology (OT) cybersecurity practices that critical infrastructure owners and operators can implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques.” These practices include tips on training, third-party risk management, governance, and device security.
The proclamation also highlighted the need to consider the climate emergency when considering infrastructure security. President Biden stated:
“When our critical infrastructure shows signs of wear, everyday Americans pay the price. When powerful storms and forest fires — made more frequent and ferocious by climate change — shut down energy grids, families can lose power for weeks. When unsecure networks are hacked, critical services can go offline, and businesses can suffer huge losses. When bridges collapse and first responders must travel further to reach disaster sites, Americans can die. Crumbling infrastructure around the world affects us at home as well: Extreme weather, cyberattacks, and other disasters have ripple effects, threatening global stability and disrupting supply chains everywhere.”