Critical Infrastructure Operators Take Note: Biden Administration to Unveil New Cybersecurity Regulations
While acknowledging that voluntary approaches to cybersecurity compliance have produced some important improvements, the Biden administration says those improvements have been mostly incomplete and inadequate, particularly in the face of mounting attacks from Russia, China, North Korea and Iran. As a result, President Biden’s Office of the National Cyber Director (ONCD) is in the final phases of approving national requirements to strengthen cybersecurity for critical infrastructure. Among other things, the strategy calls for placing liability for attacks on operators who fail to take “reasonable” steps to strengthen their computer systems. The plan also calls for a mix of executive branch authority and congressional action to regulate all critical sectors of the national infrastructure.
The water industry will be the next of the critical infrastructure industry sectors to get cybersecurity regulations, according to a recent news report. Even the U.S. Chamber of Commerce, reported to have opposed previous attempts to mandate cyber standards, has accepted the need to “harmonize” its member’s interests with regulatory policy. To that end, the new strategy requires that plans need to be developed in consultation with industry experts so they are less burdensome, more workable and address some the issues that prevented a successful voluntary compliance program in the first place. Make no mistake, further regulation is on the way.
