By David Shepardson
WASHINGTON (Reuters) – President Joe Biden on Tuesday signed a new national security memorandum to boost the resilience of U.S. critical infrastructure, replacing a decade-old policy.
The White House said it was launching a “comprehensive effort to protect U.S. infrastructure against all threats and hazards, current and future.”
The directive empowers the Homeland Security Department to lead the government-wide effort to secure U.S. critical infrastructure and to submit regular National Risk Management plans summarizing U.S. government efforts.
Concerns have been rising about the security of U.S. critical infrastructure like utilities, power plants, aviation, rail, mass transit, highway, maritime, pipeline, water and sewage organizations.
“The policy is particularly relevant today, given continued disruptive ransomware attacks, cyber-attacks on U.S. water systems by our adversaries,” said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA).
In February, U.S. agencies said an advanced group of Chinese hackers taking aim at U.S. critical infrastructure have been active for as long as half a decade.
The U.S. National Security Agency, CISA, the FBI, and the Transportation Security Administration said that the group known as “Volt Typhoon” had quietly burrowed into the networks of aviation, rail, mass transit, highway, maritime, pipeline, water and sewage organizations.
The widespread nature of the hacks has led to a series of meetings between the White House and private technology industry, including several telecommunications and cloud commuting companies, in which the U.S. government asked for assistance in tracking the activity.
Biden’s memorandum directs the U.S. Intelligence Community “to collect, produce and share intelligence and information with federal departments and agencies, state and local partners, and the owners and operators of critical infrastructure.”
The White House said “nation-state actors will continue to target American critical infrastructure – and tolerate or enable malicious activity conducted by non-state actors. In the event of crisis or conflict, America’s adversaries may attempt to compromise our critical infrastructure.”