President Biden is directing U.S. spy agencies to more actively share information with private companies that handle U.S. critical infrastructure to guard against risks from foreign adversaries such as China and Russia, as well as criminal groups and hackers. .
The new directive is part of a national security memorandum on critical infrastructure security and resiliency that Biden announced Tuesday. The memo updates guidance first introduced in 2013 during the Obama administration and identifies new security procedures to protect 16 areas of critical infrastructure from natural disasters and man-made threats.
“This policy is in line with continued devastating ransomware attacks, adversary cyberattacks on the U.S. water system, and frequent calls from the FBI director and other government officials who are sounding the alarm about the state of our critical infrastructure. It is especially relevant today given repeated testimony,” Caitlin Derkovic, Biden’s deputy assistant to the president for resilience and response at the Department of Homeland Security, said on a call with reporters previewing the memo.
The Biden administration is building on the lessons learned from warnings of a full-scale Russian invasion of Ukraine by encouraging intelligence agencies to focus on declassifying information, sharing it with the private sector, and, with appropriate authorization, disclosing information to the private sector. He said he is ordering companies to share the information with other companies. Protect from security threats.
“I am an IC. [intelligence community] “We’re trying to see if the information can be safely declassified,” said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency.
Easterly said the IC had declassified potential retaliatory attacks by the Russian government to share with critical infrastructure owners and operators leading up to Russia’s full-scale invasion of Ukraine in February 2022. Ta.
He said the “serious” threat from the People’s Republic of China increased the urgency of the work. The Biden administration warned in February that Chinese cyber adversaries were preemptively penetrating U.S. critical infrastructure to launch potential cyber attacks in an operation dubbed “Bolt Typhoon.”
“We have held extensive briefings at various levels with authorized department personnel to discuss what they are aware of and the Russian threat in 2022 and now. , confirmed that we are aware of China’s serious threat to critical infrastructure,” Easterly said.
“In particular, it proactively positions itself to disrupt or destroy critical infrastructure in the event of a major crisis.”
The memorandum also gives the Department of Homeland Security comprehensive responsibility for coordination among various federal agencies and provides the Department with a biennial report summarizing efforts to reduce risks to the nation’s critical infrastructure. It directs the president to submit a “national risk management plan.”
The memo also seeks to codify and require minimum security and resiliency requirements for critical infrastructure entities that were previously only optional.
“Voluntary approaches to strengthening the security and resiliency of critical infrastructure have significantly reduced risks over the past decade, but it is important to ensure that the nation’s critical infrastructure is secure and resilient to all threats and hazards. “More needs to be done to ensure this happens,” the memo said.
“The federal government needs to focus on increasing adoption of requirements that address sectoral, national, and intersectoral risks to critical infrastructure.”
The memo also reaffirms 16 critical infrastructure sectors and identifies which government agencies should work with which sectors.
“This is part of what we call an all-hazards approach to national resilience,” Durković said.
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
