White House says critical infrastructure firms must shape up on cybersecurity

White House
(Image credit: David Everett Strickler / Unsplash)

Energy providers and other critical infrastructure companies in the US must do more to improve their cyber defenses as additional regulations could be just around the corner according to the White House.

US President Joe Biden has also signed a national security memorandum dedicated to improving cybersecurity for critical infrastructure control systems and the US government provided further details on the importance of doing so in a press release, saying:

“The cybersecurity threats posed to the systems that control and operate the critical infrastructure on which we all depend are among the most significant and growing issues confronting our Nation. The degradation, destruction, or malfunction of systems that control this infrastructure could cause significant harm to the national and economic security of the United States.”

Performance controls

As reported by Reuters, the President's latest memorandum will also see the launch of a new public-private initiative that creates “performance controls” when it comes to cybersecurity at water treatment facilities, electric power plants and other critical infrastructure companies in the US.

While these recommendations are voluntary, the Biden administration hopes they will encourage companies to improve their cybersecurity posture ahead of other policy efforts according to a senior administration official that spoke with the news outlet.

A number of high profile cyberattacks have shown the US government and its citizens just how disruptive malware, ransomware and other similar attacks can be to the country's critical infrastructure. Most notably the Colonial Pipeline, which runs through 12 states, was taken offline for several days following an attack believed to be launched by the DarkSide ransomware group back in May.

The senior administration official also explained to Reuters that a lack of cybersecurity requirements is what made the country's critical infrastructure so vulnerable in the first place, saying:

"These are the thresholds that we expect responsible owners and operators to go. The absence of mandated cybersecurity requirements for critical infrastructure is what in many ways has brought us to the level of vulnerability that we have today. The federal government cannot do this alone. Almost 90% of critical infrastructure is owned and operated by the private sector. Securing it requires a whole of nation effort."

Via Reuters

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.