The Biden administration is taking steps to harden cybersecurity defenses for critical infrastructure, announcing on Wednesday the development of performance goals and a voluntary public-private partnership to protect core sectors.
The actions, outlined in an order from President Joe Biden, are an acknowledgment of the cybersecurity vulnerabilities of critical industries — a reality made clear by the May hack of the nation’s largest pipeline, which delivers about 45% of the fuel consumed on the East Coast.
They also are meant to address the “patchwork of sector-specific statutes” that have been adopted piecemeal over time and that leave the government without a uniform or adequate cybersecurity threshold, according to a senior administration official who briefed reporters before a formal announcement.
[ Read: House Passes Several Critical Infrastructure Cybersecurity Bills ]
The partnership was launched as a pilot program in April with electricity utilities, and another plan is underway for natural gas pipelines. Additional alliances with other sectors will be formed this year, the White House said. The move comes as federal officials have been promoting greater cybersecurity resiliency among private companies, including announcing new requirements and protections for pipeline owners and operators last week.
The partnership is voluntary, though the administration has not ruled out the possibility of mandatory requirements in the future, the official said. But short of legislation, the official said, “there isn’t a comprehensive way to require deployment of security technologies and practices that address, really, the threat environment that we face.”
Democratic Rep. Adam Schiff of California, chairman of the House Intelligence Committee, praised the White House action as essential and “an important step.” But, he added, “I believe Congress must look beyond voluntary standards to strengthen our defenses.”
In addition, the new order will direct the departments of Homeland Security and Commerce to collaborate with other agencies on developing cybersecurity performance goals for critical infrastructure.
