Connect with us

Hi, what are you looking for?



White House Issues National Security Memorandum for Critical Infrastructure

The White House has published a national security memorandum focusing on critical infrastructure security and resilience.

White House

The White House this week issued a new national security memorandum (NSM) focusing on the security and resilience of critical infrastructure against cyber and physical threats. 

The memo replaces a decade-old presidential policy on critical infrastructure protection, which focused on threats such as terrorism. The new NSM takes into account the shift of the threat environment towards malicious cyber activities, strategic competition, and advancements in AI technology. 

The NSM aims to refine and clarify the roles and responsibilities of the government, promote the use of a risk-based approach to identify and prioritize efforts, and establish minimum requirements and accountability mechanisms.

It also focuses on leveraging federal government agreements such as grants and loans to require or encourage stakeholders to meet or exceed minimum requirements, enhancing threat intelligence collection and analysis, improving information sharing, promoting investments in technologies and solutions, and engaging with international partners and allies.

Specifically, the NSM designates the cybersecurity agency CISA as the national coordinator for security and resilience and requires the DHS to regularly summarize efforts to manage critical infrastructure risk. It also directs the intelligence community to collect and share information with stakeholders.

The NSM reaffirms the designation of 16 critical infrastructure sectors, as well as a Sector Risk Management Agency (SRMA) for each sector. 

The Department of Energy and the Environmental Protection Agency, which act as SRMAs for the energy and the water and wastewater sectors, respectively, have each issued statements on the new memorandum.

The water sector in particular has been increasingly targeted in malicious attacks over the past months, and the EPA says it’s taking important steps to secure the nation’s water infrastructure.

Advertisement. Scroll to continue reading.

CISA has also commented on the NSM and the agency’s role, highlighting that it has already been working towards the goals outlined in the new memorandum. 

Related: GAO: Federal Agencies Yet to Fully Implement Incident Response Capabilities

Related: White House Nominates First Assistant Secretary of Defense for Cyber Policy

Related: White House Budget Proposal Seeks Cybersecurity Funding Boost

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos' permanent CEO, and Jim Dildine has been named the company's CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

More People On The Move

Expert Insights

Related Content

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.


US National Cybersecurity Strategy pushes regulation, aggressive 'hack-back' operations.


Companies have announced securing billions of dollars in cybersecurity-related contracts with the United States government in 2022.


Private equity giant plans to buy Forcepoint’s Global Governments and Critical Infrastructure (G2CI) business unit for $2.5 billion.


NIST releases Cybersecurity Framework 2.0, the first major update since the creation of the CSF a decade ago.

Cloud Security

Redmond is accused of “negligent cybersecurity practices” that enabled a successful Chinese hack of the United States government.

Cloud Security

News analysis: SecurityWeek editor-at-large Ryan Naraine reads the CSRB report on China's audacious Microsoft’s Exchange Online hack and isn't at all surprised by the findings.


CISA has described and published a set of principles for the development of security-by-design and security-by-default cybersecurity products.