White House plans order on industrial control systems

The move tracks with a planned "sprint" on the risks posed by insecure industrial control systems scheduled for this summer by the Department of Homeland Security.


The Biden administration plans a separate executive order focused on industrial control systems that operate utilities such as water treatment and energy delivery as part of an overall effort to improve the nation's cybersecurity.

The move tracks with a planned sprint on industrial control systems scheduled for this summer by the Department of Homeland Security.

"We picked control systems because those are the systems that control water systems, power systems, chemical systems, across the U.S. And we're seeking to have visibility on those networks to detect anomalous cyber behavior and block anomalous cyber behavior," Anne Neuberger, the cybersecurity lead on the National Security Council, said at an April 8 online event hosted by the Council on Foreign Relations.

"Today, we cannot trust those systems because we don't have the visibility into those systems," Neuberger said. "And we need the visibility of those systems because of the significant consequences if they fail, or if they're degraded. So that's the threshold of success we seek from a cyber perspective, and there are many efforts that we'll need to do to get there."

The push on industrial control systems cybersecurity comes in the wake of a breach into a water system in Oldsmar, Fla., that could have had fatal consequences if it had gone undetected. Currently, attacks on computer-controlled infrastructure are handled in a sector-specific way, with no one entity or agency having an overall view into industrial control system cybersecurity.

But the effort is also linked to the Biden administration's effort, expected to come in a separate executive order, to leverage the procurement power of the federal government as a forcing mechanism to induce vendors to be more transparent about the security of private sector software products.

Neuberger said the content of the orders will be "aggressive, but achievable" and allow the government to "fundamentally make progress on issues that we've kicked the can down the road on for a long time."

Neuberger also went into some detail about the persistence of the SolarWinds intrusion, and suggested that the hack wasn't only about spying, and could support "disruption or degradation as well as intelligence collection."