Attacks targeting critical infrastructure have been on the rise in recent years. Back in 2019, for instance, 56% of utility professionals responsible for overseeing risk in their organizations’ operational technology (OT) assets told Siemens and the Ponemon Institute that they experience at least one shutdown or operational data loss event a year. That’s about the same proportion (54%) of survey respondents who said they expected to see an attack on critical infrastructure in the next 12 months, reported HSToday.

The Biden Administration Responds

These critical infrastructure security events could explain why the Biden Administration has taken several steps in 2021 to help protect industrial control systems serving critical national infrastructure. Here’s an overview of three of those initiatives:

  • The 100-day sprint for electrical infrastructure: Earlier in the year, the Biden Administration announced a 100-day sprint to identify weaknesses within the United States’ electrical infrastructure. It also announced a Request for Information (RFI) from the U.S. Department of Energy to help to address supply chain risks in the U.S. electric system. (Tripwire’s response to that RFI is available here.)
  • The Executive Order on Improving the Nation’s Cybersecurity: In mid-May, the Administration published an Executive Order around strengthening the nation’s cybersecurity. The directive came with several measures for helping Federal Civilian Executive Branch (FCEB) agencies within the U.S. government to defend against supply chain attacks. It also included a section on removing barriers that would prevent information technology (IT) and OT service providers sharing threat intelligence information with FBI and similar entities.
  • Revised security guidelines for pipeline owners: Following a high-profile ransomware attack involving a U.S. pipeline company, the Transportation Security Agency (TSA) issued a directive that discusses new security requirements for pipeline operators. Those obligations include the need for all pipeline companies to (Read more...)