President Joe Biden released a memo this week aimed at shoring up efforts to protect critical infrastructure from cyber threats.  

The National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems directs federal agencies to develop cybersecurity performance goals for infrastructure and formally establishes the Industrial Control System Cybersecurity initiative.  

"Protection of our nation’s critical infrastructure is a responsibility of the government at the federal, state, local, tribal and territorial levels and of the owners and operators of that infrastructure," Biden wrote in the memo.  

"The cybersecurity threats posed to the systems that control and operate the critical infrastructure on which we all depend are among the most significant and growing issues confronting our nation," he added.  

WHY IT MATTERS  

Biden's memo comes amidst alarm bells from experts in the security community about increasing cyber threats in the United States, including those targeting healthcare.   

The ICS initiative, which the memo formally acknowledges, is a voluntary, collaborative effort between the federal government and members of the critical infrastructure community to facilitate the deployment of cybersecurity technology.

The initiative began in mid-April with a pilot targeting the electricity subsector, which has led to more than 150 electricity utilities deploying control system cybersecurity technologies or agreeing to do so.   

The action plan for natural gas pipelines is underway, and initiatives for other sectors – including water and wastewater – will follow later this year.  

"We cannot address threats we cannot see; therefore, deploying systems and technologies that can monitor control systems to detect malicious activity and facilitate response actions to cyber threats is central to ensuring the safe operations of these critical systems," Biden wrote in the memo.

The memo also directed the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology to develop cybersecurity performance goals for critical infrastructure, in collaboration with other agencies.  

"These performance goals should serve as clear guidance to owners and operators about cybersecurity practices and postures that the American people can trust and should expect for such essential services," wrote Biden.

"That effort may also include an examination of whether additional legal authorities would be beneficial to enhancing the cybersecurity of critical infrastructure, which is vital to the American people and the security of our nation," he continued.

During a press call regarding the memo, a senior administration official said that the current patchwork of sector-specific and state-level approaches to cybersecurity is not sufficient to combat the threat landscape.   

They said Congress would probably have to play a role in developing a strategic, coordinated requirement for infrastructure cybersecurity.  

"Short of legislation, there isn’t a comprehensive way to require deployment of security technologies and practices that address, really, the threat environment that we face," said the official.  

Biden's memo didn't specifically mention the healthcare sector, but the official suggested that the government could incentivize hospitals, schools and other infrastructure providers to shore up their defenses and patch vulnerabilities.

"Cyber insurance is a really interesting mechanism as well," said the official.  

THE LARGER TREND

The Biden administration has taken strong stances about cybersecurity in the past half year, with the president requesting billions of dollars in his June budget toward protecting the country's infrastructure.  

Congress has also made progress in this direction. The U.S. House of Representatives this month passed several new bipartisan cybersecurity bills, including an act that would authorize a new $500 million grant program to provide state, local, tribal and territorial governments with dedicated funding to secure their networks from ransomware and other cyberattacks.  

"The State and Local Cybersecurity Improvement Act is an essential step to ensure our state and local governments are not left vulnerable to cyber attacks, and I am pleased that the House came together to pass this critical bipartisan legislation," said Committee on Homeland Security Chair Rep. Bennie Thompson, D-Miss., in a statement.  

ON THE RECORD  

"It is the policy of my administration to safeguard the critical infrastructure of the nation, with a particular focus on the cybersecurity and resilience of systems supporting national critical functions, defined as the functions of government and the private sector so vital to the United States that their disruption, corruption, or dysfunction would have a debilitating effect on national security, economic security, public health or safety, or any combination thereof," wrote Biden in the memo.  

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.