White House Releases National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems

On Wednesday, July 28, the White House released its National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Systems. This Memorandum builds on an Industrial Control Systems Cybersecurity Initiative (Initiative), a voluntary, collaborative effort between the Federal Government and the critical infrastructure community to significantly improve the cybersecurity of these critical systems.  The primary objective of this Initiative is to defend critical infrastructure by encouraging and facilitating deployment of technologies and systems that provide threat visibility, indications, detection, and warnings, and that facilitate response capabilities for cybersecurity in essential control system and operational technology networks.  The goal of the Initiative is to greatly expand deployment of these technologies across priority critical infrastructure. The Initiative began with a pilot effort with the Electricity Subsector, with a subsequent effort for natural gas pipelines.  Efforts for the Water and Wastewater Sector Systems and Chemical Sector will follow later in 2021.

Cybersecurity performance goals are a key component of this Initiative. The Secretary of Homeland Security will issue preliminary goals for control systems across critical infrastructure sectors no later than September 22, 2021, which is less than 60 days away. These preliminary goals will be followed by the issuance of final cross-sector control system goals within 1 year of the date of this memorandum.  Additionally, following consultations with relevant agencies, the Secretary of Homeland Security will issue sector-specific critical infrastructure cybersecurity performance goals within 1 year of the date of this memorandum.  These performance goals should serve as clear guidance to owners and operators about the appropriate cybersecurity practices.