WASHINGTON (CN) — Confronting the rise of attacks on major American infrastructure and industry, the White House released an executive order Wednesday in which President Joe Biden will ask companies to layer on more cybersecurity protections.
The order follows up on a series of cybersecurity directives prompted this year when the nation suffered a series of fuel shortages after Russian-tied cybercriminals launched a ransomware attack on Colonial Pipeline. To get the critical infrastructure back to servicing nearly half of the Eastern Seaboard, Colonial Pipeline CEO Joseph Blount ultimately shelled out $4.4 million in ransom.
“We have a patchwork of sector-specific statutes that have been adopted piecemeal, as data security threats in particular sectors have gained public attention,” a White House fact sheet states. "Given the evolving threat we face today, we must consider new approaches, both voluntary and mandatory."
In part, the order directs the Cybersecurity and Infrastructure Security Agency and a standards and technology branch of the Commerce Department known as NIST to work across government and come up with “cybersecurity performance goals” for power, water and transportation sectors.
The order also outlines the creation of another program known as ICS, or the industrial control system. While participation is not mandated in ICS, it is meant to get the public and private sector on the same page for deploying new technology that can detect cyberattacks in advance as well as make breaches more visible in real time.
ICS has already been working on expanding these efforts and started with a pilot program for electric utilities. More than 100 utilities are involved in that initiative now and a program for some of the country’s top natural-gas pipeline operators has been underway since May.
“The point we want to make is, the federal government cannot do this alone,” White House officials told reporters on a call late Tuesday. "Securing critical infrastructure requires a whole of nation effort and industry has to do their part. These may be voluntary but we hope and expect that all responsible critical infrastructure owners and operators will apply them."
Data encryption and two-factor authentication will likely be among companies’ top concerns.
From SolarWinds, where Russian military-tied hackers breached sensitive files and data from major federal agencies including the Departments of State, Justice, Energy, Commerce and Treasury, to Colonial Pipeline to the breach of Microsoft this spring by Chinese cybercriminals who disrupted thousands of small businesses, the problems will keep piling up for the if they go unaddressed, the White House warned.
Sorting this out is at the fore of legislation unveiled this past week by Senator Mark Warner of Virginia. The Democrat introduced the Cyber Incident Notification Act in response to the SolarWinds hack.
Existing laws do not require companies to report on cyberattacks. When Colonial was hit in May, the White House leaned more toward giving companies a wider berth with how they manage such breaches.
But with the ramp-up of hacks, and so much on the line in the event of a cyberattack on the nation’s energy or water infrastructure, Warner’s bill, could fill a vacuum: The bill requires federal agencies or contractors to tell the Department of Homeland Security when they have spotted a hacker — or hack — in their midst.
This, the lawmaker has argued, could quicken response times to a breach and do much for damage control.
In lieu of legislation passed by Congress or cooperation from the private sector, the White House’s latest order is more akin to the administration throwing up a red flashing light.
During a press conference following a tour of the National Counterterrorism Center Watch Floor on Tuesday, Biden said cyberthreats are able to cause increasing disruption in the real world.
“I think its more likely we’re going to end up in a war, a real shooting war, with a major power," he said. "It’s going to be as a consequence of a cyber breach, and it's increasing exponentially, the capabilities.”
Follow Brandi Buchman on Twitter
Subscribe to Closing Arguments
Sign up for new weekly newsletter Closing Arguments to get the latest about ongoing trials, major litigation and hot cases and rulings in courthouses around the U.S. and the world.
Additional Reads
-
-
Forever-chemical butter April 25, 2024
-
-
$15M CD fraud April 25, 2024