As the volume, velocity and sophistication of cyber threats continue to increase, cybersecurity has become one of the most essential new frontiers for critical infrastructure. On 28 July, 2021, President Biden signed an executive national security memorandum calling for the development of new critical infrastructure cybersecurity standards for various industries. The memorandum builds on the executive order that Biden signed earlier this year.
The primary goal of President Biden’s security memorandum is to create uniform standards across the 16 critical infrastructure sectors over which CISA has oversight for cybersecurity. CISA and NIST will develop these standards, and compliance will be voluntary, at least initially.
By taking the lead in developing standards at the federal level, the White House is looking to build on the types of cybersecurity regulations and rules that the U.S. Department of Homeland Security (DHS) began to require of oil and gas pipeline operators following the ransomware attack involving Colonial Pipeline (see: TSA Issues Cybersecurity Requirements for Pipelines).
The House and the Senate are considering bills designed to enhance protections for operational technology (OT) and industrial control systems (ICS), but the legislation is focused more on how CISA can share threat intelligence with companies to help them mitigate risks (see: Congress Focuses on Industrial Control System Security).
“To cultivate a cybersecurity renaissance that will improve the resiliency of our Nation’s 16 critical infrastructure sectors, defend our democratic institutions, and empower generations of cybersecurity leaders.”
ICIT Fellows, including those from Micro Focus, regularly contribute to ICIT publications. The publications the ICIT releases are publicly available and provide a treasure trove of cybersecurity information. Some of the recent ICIT publications Micro Focus has co-authored or sponsored include:
- Improving the Nation's National Security: ICIT Fellow's Analysis of President Biden’s Executive Order
- Software Security is National Security
- Accelerating Legacy System Modernization in Government
- The COVID-19 Checklist: Detailed Steps to Better Protect Your Organization
- The Business Value of a Diverse InfoSec Team
Rob Aragao and I recently had the opportunity to speak with the Founder and Chairman of the ICIT, Parham Eftekhari, for the Reimagining Cyber podcast. Parham is currently the Sr. VP and Executive Director for the CyberSecurity Collaborative, which is part of the CyberRisk Alliance. In the “Cybersecurity and the Modern CISO” episode (or, if you prefer, the recap blog), Parham discusses the changes he’s seen in the CISO role and how the modern CISO can gain support from business line leaders and executives alike.