A version of this article appeared in the daily Threat Status newsletter from The Washington Times. Click here to receive Threat Status delivered directly to your inbox each weekday.
President Biden signed a national security memorandum Tuesday laying out an updated, governmentwide plan to protect critical American infrastructure in the face of growing cyberthreats from China, Russia and other U.S. adversaries.
The document, senior administration officials said, is the culmination of a process that began more than a year ago. It gathered input from agencies across the federal government and the private owners and operators who manage communications equipment, transportation, water systems, dams and other systems crucial to modern life. Those systems are so central to U.S. society, the White House said, that they are increasingly appealing targets.
“Critical infrastructure comprises the physical and virtual assets and systems so vital to the nation that their incapacity or destruction would have a debilitating impact on national security, national economic security or national public health or safety,” a portion of the memo reads.
“The United States also faces an era of strategic competition with nation-state actors who target American critical infrastructure and tolerate or enable malicious actions conducted by non-state actors. Adversaries target our critical infrastructure using licit and illicit means,” the memo says. “In the event of crisis or conflict, the nation’s adversaries will also likely increase their efforts to compromise critical infrastructure to undermine the will of the American public and jeopardize the projection of United States military power.”
The federal strategy was updated after high-profile attacks on American infrastructure sectors. Such attacks seem likely to continue. FBI Director Christopher A. Wray warned in April that American adversaries, particularly China, intend to “land low blows against civilian infrastructure to try to induce panic and break America’s will to resist.”
Iran and North Korea are also accused of cyberattacks targeting American infrastructure systems.
With alarm bells sounding in national security circles about the vulnerability of U.S. infrastructure, officials said it was time for an updated plan to guard America’s most vital assets.
“The threat environment has changed significantly” since President Obama issued the last governmentwide infrastructure memorandum in 2013, a senior administration official told reporters on a conference call Monday.
Another official said a risk to critical infrastructure is no longer in doubt.
“In the event of crises or conflict, we know America’s adversaries may attempt to compromise our critical infrastructure,” the official said. “Resilience, particularly for our most sensitive assets and systems, is the cornerstone of homeland defense and security.”
Mr. Biden’s memorandum applies to all 16 “critical infrastructure sectors” defined by the federal government. They include communications, the chemical sector, manufacturing, the defense industrial base, energy, emergency services, financial services, health care, water and food systems, and transportation. The Department of Homeland Security will lead the governmentwide effort.
Officials said the department will produce a biennial “national risk management plan” that summarizes risks to U.S. infrastructure. The American intelligence community will then collect and share information with the owners and operators of such critical infrastructure, including private companies and local governments.
Those entities are “the first line of defense against adversaries,” a senior administration official told reporters on Monday’s conference call.
The government memorandum will also lay out baseline security standards for each of the 16 infrastructure sectors. To ensure all stakeholders have the information they need about current and future threats, the federal government has prioritized the declassification of federal intelligence and data when appropriate and will hold classified briefings with operators when necessary.
Vulnerable
Addressing threats to American infrastructure has long been a top priority for the FBI and other arms of the federal government. Never before, however, has the scope of the threat and its potential repercussions for U.S. society been so clear. Eye-opening incidents in the past several months show the vulnerability.
In March, a Singapore-flagged container ship crashed into the Francis Scott Key Bridge in Baltimore, temporarily shutting down one of the country’s busiest and most logistically important ports. Although it was an accident with no connection to terrorism, authorities said, the incident cast a spotlight on how quickly and, from an enemy’s perspective, how simply American bridges, ports and maritime traffic could be shut down.
A January cyberattack on the water system of Hale, a small town in the rural Texas Panhandle, was linked to a group of Russian hackers calling itself the Cyber Army of Russia Reborn.
In December, U.S. officials said Iran-linked hackers had targeted U.S. water systems, including sites in western Pennsylvania and across the American health care industry. Russia-linked hackers claimed responsibility for an attack in April on a wastewater treatment plant in rural Indiana, according to media reports.
Perhaps the greatest threats come from the People’s Republic of China, which is thought to be responsible for a host of cyberattacks against U.S. and allied targets. In March, the U.S. government imposed economic sanctions on a Chinese company linked to Beijing’s Ministry of State Security spy service, accusing the firm of conducting cyberattacks against critical U.S. infrastructure.
Hackers groups with links to China’s communist regime are suspected of infiltrating key public and private U.S. networks, “lurking” but prepared to mobilize. Beijing says the U.S. intelligence community operates the world’s largest and most sophisticated cyberattack operation.
“The PRC has made it clear that it considers every sector that makes our society run as fair game in its bid to dominate on the world stage and that its plan is to land low blows against civilian infrastructure to try to induce panic and break America’s will to resist,” the FBI director said during a speech in April at the Vanderbilt Summit on Modern Conflict and Emerging Threats in Nashville, Tennessee.
“The fact is, the PRC’s targeting of our critical infrastructure is both broad and unrelenting,” Mr. Wray said.
• Ben Wolfgang can be reached at bwolfgang@washingtontimes.com.
Please read our comment policy before commenting.