The U.S. Government Moves Forward on Plans to Secure Industrial Control Systems

Securing critical control systems has been widely discussed in the last year. These systems may be vulnerable as some of them are outdated or unsecured, and with that comes a fearful reality that these systems can be comprised in a cyberattack. With the recent cyberattacks on industrial OT systems including the colonial pipeline and JBS meatpacking attacks, the risk for these systems may be higher than ever. 

The new policy establishes several guidelines, referring to cybersecurity and resilience of systems supporting National Critical Functions.

 

An industrial control system that may be at risk of a cyberattack. 

 

The document also establishes an Industrial Control Systems Cybersecurity Initiative, a collaborative venture between the Federal Government and the critical infrastructure community intended to improve the cybersecurity posture of these systems.

 

An Updated Security Policy

The new National Security Memorandum builds on plans unveiled by the Biden Administration last April. Anne Neuberger, the deputy national security adviser, announced a five-step plan focusing on continuously monitoring technologies and further spreading multi-factor authentication solutions.

The new document expands the scope of this project, providing further details regarding these steps, which are referred to as ‘sections.’ The first one defines the scope of the policy and how it can be utilized to safeguard the U.S. infrastructure “so vital to the United States that their disruption, corruption, or dysfunction would have a debilitating effect on national security, economic security, public health, or safety, or any combination thereof.” 

 

U.S. President Joe Biden at the Greenwood Cultural Center in Oklahoma. Image used courtesy of Official White House/Adam Schultz

 

The second section of the memorandum establishes the Industrial Control Systems Cybersecurity Initiative, while the third one specifies the Initiative’s establishments and goals. The fourth part of the document sets baseline cybersecurity goals, and the fifth one clarifies the memorandum’s legal limitations.

 

The Industrial Control Systems Cybersecurity Initiative

The new Initiative established by the Biden administration will reportedly represent a voluntary effort between the critical infrastructure community and the Federal Government and aimed at “significantly improve the cybersecurity of these critical systems.”

The initiative will defend these systems by supporting the deployment of technologies and systems that provide threat visibility, indications, detection, and warnings. It is also designed to defend these systems by facilitating cybersecurity response capabilities for essential control systems and OT networks.

“The goal of the Initiative is to greatly expand deployment of these technologies across priority critical infrastructure,” the memorandum reads.

Section 3 of the document also specifies a tentative timeline for the Initiative group to follow. According to the memorandum, the group already began working on a pilot effort with the Electricity Subsector, and a similar one for natural gas pipelines. 

 

An industrial power plant where cyberattacks are likely to occur.

 

“Efforts for the Water and Wastewater Sector Systems and Chemical Sector will follow later this year,” the document said. 

In addition, the same section of the document also calls for Sector Risk Management Agencies and other executive departments and agencies to collaborate with stakeholders and owners involved with the critical infrastructure to implement the principles and policy outlined in the memorandum. The Secretary of Homeland Security is expected to issue preliminary goals for control systems in all critical infrastructure sectors by September 22, 2021.

For more information about the new cybersecurity guidelines, you can view the integral text of the memorandum on their website. What do you think about this initiative? Let us know in the comment section down below.