The White House this week issued a new national security memorandum (NSM) focusing on the security and resilience of critical infrastructure against cyber and physical threats.
The memo replaces a decade-old presidential policy on critical infrastructure protection, which focused on threats such as terrorism. The new NSM takes into account the shift of the threat environment towards malicious cyber activities, strategic competition, and advancements in AI technology.
The NSM aims to refine and clarify the roles and responsibilities of the government, promote the use of a risk-based approach to identify and prioritize efforts, and establish minimum requirements and accountability mechanisms.
It also focuses on leveraging federal government agreements such as grants and loans to require or encourage stakeholders to meet or exceed minimum requirements, enhancing threat intelligence collection and analysis, improving information sharing, promoting investments in technologies and solutions, and engaging with international partners and allies.
Specifically, the NSM designates the cybersecurity agency CISA as the national coordinator for security and resilience and requires the DHS to regularly summarize efforts to manage critical infrastructure risk. It also directs the intelligence community to collect and share information with stakeholders.
The NSM reaffirms the designation of 16 critical infrastructure sectors, as well as a Sector Risk Management Agency (SRMA) for each sector.
The Department of Energy and the Environmental Protection Agency, which act as SRMAs for the energy and the water and wastewater sectors, respectively, have each issued statements on the new memorandum.
The water sector in particular has been increasingly targeted in malicious attacks over the past months, and the EPA says it’s taking important steps to secure the nation’s water infrastructure.
CISA has also commented on the NSM and the agency’s role, highlighting that it has already been working towards the goals outlined in the new memorandum.
Related: GAO: Federal Agencies Yet to Fully Implement Incident Response Capabilities
Related: White House Nominates First Assistant Secretary of Defense for Cyber Policy
Related: White House Budget Proposal Seeks Cybersecurity Funding Boost