The Biden administration plans to implement a national cybersecurity strategy. This will require comprehensive regulation of the country’s critical infrastructure. This will help to acknowledge that voluntary efforts have not been sufficient to protect against cyberattacks. This strategy builds upon the administration’s last year’s regulations for the oil and gas pipeline industry. Experts expect President Biden to sign the strategy by the White House Office of the National Cyber Director.
What James Lewis has said about cyber security strategy?
Lewis said the latest strategy goes beyond information sharing and public-private partnerships as solutions.
Lewis claims the new strategy “says things others have been afraid to say.” Use regulation to support national security and public safety, believing that regulation can create a level playing field. The strategy acknowledges voluntary approaches have been helpful, but the lack of mandatory requirements has often led to inconsistent outcomes.
What did the National Cyber Director said about cyber strategy?
Chris Inglis, National Cyber Director, said it is necessary to be strict in what we expect from cyberspace. If self-regulation and market forces are insufficient, we must take further action. The strategy also includes regulation of all critical sectors.
Review of regulation of critical infrastructure
The White House National Security Council, led by Anne Neuberger, conducted a review. The review revealed five sectors already had cybersecurity regulations before the Biden administration. These sectors are – nuclear power, financial services, large energy generation, chemicals, and major defense contractors. Following the hack, the oil and gas pipeline, rail, and aviation sectors had new regulations. The Environmental Protection Agency will issue a rule for the water sector soon. This would need legislation to take care of it.
The National Security Council analyzed the impact that disruptions in certain companies could have on Americans. The analysis specifically examined large companies, such as those serving over 50,000 customers or transporting hazardous materials, in each sector. The reason is simple. A major company’s disruption would have a greater impact than a smaller one. As a result, last year’s regulation only covered 97 of the largest pipeline companies. The findings of this analysis form the basis of the strategy, and an implementation plan is currently under development.
Aim of new cyber strategy
The strategy aims to create pipeline regulations that prioritize security without getting complex or burdensome. Officials acknowledged that the previous regulations, hastily implemented without consulting the companies, were overly restrictive and ultimately unsuccessful. The CEO of an industrial cybersecurity company stated that the second set of regulations was an improvement because they took into consideration pipeline assets’ feedback and owners’ feedback and focused on desired outcomes rather than specific methods of achieving them.