• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

What to Make of the Biden Administration’s New ICS Cybersecurity Initiative

July 29, 2021 By Corey Nachreiner

Yesterday, the Biden Administration unveiled a new initiative to help improve the cybersecurity stance of the industrial control systems (ICS) that manage the nation’s critical infrastructure. As recent events (like the Colonial Pipeline ransomware incident) have shown, disruptions to critical infrastructure can have serious, potentially even fatal consequences. In short, this is a very real need and one the Federal government should be helping to meet.  

It’s important to note, however, that the new Industrial Control System Cybersecurity Initiative is a voluntary collaborative effort in which Federal cybersecurity agencies will advise the ICS community on the technical security controls they should deploy to help thwart, monitor, detect, and alert against threats to their systems. Ultimately its success or failure will depend on two things: the actual technical details of the government’s recommendations and the fines or impacts imposed if the recommendations aren’t followed. 

So far, the administration hasn’t shared any specific recommendations, just that they will collaborate to help. The initiative will start with electricity companies before expanding to include other critical infrastructure providers. While the administration intends to set performance goals for this initiative, they haven’t defined them yet. Also, since the initiative is voluntary for now, there are no consequences for private ICS businesses that choose to ignore it (or, for that matter, positive incentives to get them to comply).  

Without the details and more teeth, it’s hard to say if this program will have any impact. After all, federal agencies have already been collaborating and sharing threat info with ICS companies that listened (ICS-CERT). It will be interesting to see whether the administration takes a more aggressive approach if (or more likely when) there’s another major attack on a critical infrastructure company. 

Share This:

Related

Filed Under: Editorial Articles, Featured

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • The RCE Vulnerability That Wasn’t
  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • CISA Warns of Weaponized RMM Software
  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • Report Roundup
  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use