The Biden administration has unveiled its national cybersecurity strategy against increasing cyber threats.
This release comes at a challenging time with two major roadblocks questioning the implementation of the plan. Firstly, Chinese-linked hackers managed to steal emails of high-ranking US officials by exploiting flaws in cloud computing systems. Secondly, a US court paused a contentious rule mandating US water systems to enhance their cybersecurity posture. The administration’s strategy targets more stringent minimum cybersecurity standards for vital infrastructure and shifting the responsibility for system security to better-equipped entities.
The court’s pause on the new rule concerning the water sector’s cybersecurity may potentially affect other actions by the administration to enforce cybersecurity mandates across other critical infrastructure sectors. If courts rule against cybersecurity improvements using existing legislation, agencies may need to devise new regulations, potentially requiring an act of Congress.
The White House’s assistant national cyber director for cyber policy and programs, Nick Leiserson, emphasised the goal of achieving the greatest possible reciprocity in harmonising rules across various critical infrastructure sectors. He envisions finding overlapping regulations and using these as a roadmap for determining mutually recognised cybersecurity standards across sectors.
However, experts express concerns about the practicality of standard harmonisation. Associate director of the Atlantic Council’s Cyber Statecraft Initiative, Will Loomis, believes that a uniform set of regulations for all critical infrastructure may overlook sector-specific nuances and realities. He also expressed disappointment that the implementation plan did not scrutinise cloud security more closely.
AWWA CEO David LaFrance said, “AWWA strongly supports efforts to strengthen cybersecurity in the water sector, but the Sanitary Survey Program is not the right tool for the job. We are grateful our viewpoint will be heard by the court and look forward to working together with EPA and others on a smart path forward.”
Speaking about harmonising regulations, Nick Leiserson, the White House’s assistant national cyber director for cyber policy and programs, said, “What we’re really after to the greatest extent possible is reciprocity.”
Sharing his concern, Will Loomis, associate director of the Atlantic Council’s Cyber Statecraft Initiative, said, “The lack of cloud almost entirely in this aside from the know your customer piece really stands out and in a lot of ways it is kind of alarming. It’s pretty clear that this is a huge area of concentrated risk for the entire ecosystem.”
Copyright © 2023 RegTech Analyst
Copyright © 2018 RegTech Analyst
