The U.S. government is working on enhancing critical infrastructure cybersecurity. The White House has chosen the healthcare, communications, and water sectors as the next priority areas. The White House is about to release new guidance and cybersecurity requirements, which these industries can follow to boost resilience against increasingly sophisticated malicious cyber attacks.
In a recent Washington Post Live event, Deputy national security consultant for cyber and emerging technology, Anne Neuberger, defined some of the critical areas that the White House will focus on. The steps are consistent with the May 2021 executive order (EO 14028) of the Biden administration. The aim is to strengthen the cybersecurity of critical infrastructure and government information systems by means of public-private collaborations. A lot of the U.S. critical infrastructure is managed by private organizations. Although there are policies that demand minimum security requirements to be executed in some areas, more must be done to make sure that the specifications are applicable to all critical infrastructure and that they boost resilience.
According to Neuberger, the cybersecurity of U.S. critical infrastructure is late compared to other Western nations. This fact, nevertheless, allows the U.S. to learn from its different friends.
Cyberattacks on critical infrastructure are escalating, particularly ransomware attacks, a lot of which have affected the healthcare industry. The attacks frequently have a big effect on the capability of healthcare providers to operate. One new Trend Micro survey reveals that 25% of healthcare providers had to entirely stop operations after a ransomware attack, with 60% stating the attacks somewhat disrupted business operations. Those attacks normally impact public safety. A number of studies by Proofpoint, Health Services Research, and Censinet suggest that patient mortality goes up after ransomware or other serious cyberattacks.
Some of the big critical infrastructure ransomware attacks were the Colonial Pipeline attack that upset supplies of fuel to the Eastern Seaboard, and the JBS attack that disturbed food processing. Those incidents showed the company’s lack of readiness, which clearly proved the need to improve cybersecurity for all critical infrastructure and to implement standards to minimize the effect of successful attacks.
The bipartisan Securing Systemically Important Critical Infrastructure (SICI) Act plays an important role in strengthening the cybersecurity of all critical infrastructure. The law hopes to create a transparent, stakeholder-powered process to specify systemically important critical infrastructure (SICI). The law calls for the Director of the Cybersecurity and Infrastructure Security Agency (CISA) to set up a system and standards for identifying what critical infrastructure are regarded as SICI, to give significant benefits to SICI owners and operators without any added pressure and requires CISA to give SICI owners and operators the choice to be a part of prioritized cybersecurity assistance. Presently, the government doesn’t completely know precisely what SICI is and what security improvements are needed.
President Biden likewise approved the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which calls for CISA to create and enforce rules necessitating covered entities to submit reports of cyber incidents and ransomware payments made. The reports will enable CISA to quickly release resources and give support to attack victims. It will additionally enable the agency to quickly know cyber threat developments, and immediately discuss with network defenders the appropriate, actionable information to alert other possible victims.
One of the White House’s focus areas is healthcare and attempts to strengthen cybersecurity throughout the industry are ongoing. Neuberger stated that the Department of Health and Human Services is collaborating with hospital partners and is creating minimum cybersecurity recommendations and is going to work on building new criteria and guidance for protecting medical devices and other wider aspects of healthcare into the future.