President Biden is urging critical infrastructure entities to improve their cybersecurity amid an onslaught of hacks and attacks against industries that are key to national security and the economy.
Mr. Biden is directing the Department of Homeland Security and Department of Commerce to develop performance goals for critical infrastructure and is establishing a voluntary effort for the private sector to collaborate with the federal government in deploying certain technology and systems, said a senior Biden administration official.
“Securing our critical infrastructure requires a whole-of-nation effort, and industry has to do their part,” the official said. “These may be voluntary, but we hope and expect that all responsible critical infrastructure owners and operators will apply them. We can’t stress it enough that they owe that to the Americans that they serve for these critical infrastructure services to have more resilience.”
Mr. Biden’s history of strongly worded requests on cyber issues has drawn criticism from his political opponents and lackluster reviews from cybersecurity officials.
The president drew red lines around U.S. critical infrastructure as off-limits for Russian attackers and repeatedly has admonished Russian President Vladimir Putin to take action against cyberattackers.
Since Mr. Biden’s June summit with Mr. Putin, cybersecurity professionals have observed ongoing hacks and attacks, and Republicans have challenged Mr. Biden’s tough talk as misbegotten.
Some Democrats have started to grow tired of the Biden administration’s management of critical infrastructure, too. On Tuesday, Sen. Sheldon Whitehouse, Rhode Island Democrat, ripped the federal government’s work on getting critical infrastructure organizations to take cybersecurity seriously and lamented the lack of “real standards.”
“We don’t have to regulate everybody in the world, but if you’re critical infrastructure, we should no longer tolerate this voluntary regime with big companies who know that their infrastructure is critical and who fail,” Mr. Whitehouse said at a Senate Judiciary Committee hearing.
Both the Biden administration and Congress are examining new rules and laws aimed at getting critical infrastructure entities to improve their cybersecurity practices.
A senior administration official said there is not a comprehensive way for the federal government to require the deployment of security technology and best practices without legislation.
Several senators have recently begun making proposals designed to increase information sharing between the federal government and the private sector organizations handling critical infrastructure.
Last week, a bipartisan group of 15 senators introduced the Cyber Incident Notification Act of 2021, which would force critical infrastructure entities, government contractors and federal agencies to disclose cyber breaches.
A separate bipartisan group of four senators announced last week that they were proposing to put the Cybersecurity and Infrastructure Agency (CISA) in charge of identifying and responding to threats against industrial control systems.
The legislation also would make the CISA share information about threats with the private sector and brief lawmakers about the agency’s ability to respond to the cyberthreats.