Biden-Harris administration releases cybersecurity measures to strengthen nation’s cyber defenses

The U.S. administration announced Tuesday a ‘relentless focus’ on improving the nation’s cyber defenses, building a comprehensive approach to ‘lock our digital doors’ and carry out aggressive action to strengthen and safeguard its cybersecurity. The federal government has been working to improve domestic cybersecurity and bolster national resilience, mandating extensive cybersecurity measures while creating public-private partnerships and initiatives to enhance cybersecurity across critical infrastructure sectors. 

The Biden-Harris administration is set to work on improving cybersecurity measures across the nation’s critical infrastructure sector, ensuring new infrastructure is smart and secure while strengthening the federal government’s cybersecurity requirements and raising the bar through the purchasing power of the government. It will also counter ransomware attacks to protect Americans online and work with allies and partners to deliver more secure cyberspace while imposing costs on and strengthening U.S. security against malicious actors. 

Additionally, the government will implement internationally accepted cyber norms, develop a new label to help Americans know their devices are secure, build the nation’s cyber workforce and strengthen cyber education. The administration also intends to protect the future, from online commerce to national secrets, by developing quantum-resistant encryption and developing the nation’s technological edge through the National Quantum Initiative and issuance of the National Security Memorandum-10 (NSM-10).

As much of the critical infrastructure in the U.S. is owned and operated by the private sector, the administration has worked closely with various sectors, including transportation, banking, water, and healthcare, to help stakeholders understand cyber threats to critical systems and adopt minimum cybersecurity standards. Some of these cybersecurity measures include multiple performance-based directives brought out by the Transportation Security Administration (TSA) to increase cybersecurity resilience for the pipeline and rail sectors and measure cyber requirements for the aviation sector. 

Through the President’s National Security Memorandum 8 on Improving Cybersecurity for Critical Infrastructure Control Systems, Tuesday’s fact sheet said that “we are issuing cybersecurity performance goals that will provide a baseline to drive investment toward the most important security outcomes. We will continue to work with critical infrastructure owners and operators, sector by sector, to accelerate rapid cybersecurity and resilience improvements and proactive measures.”

President Joe Biden has through his May 2021 Executive Order 14028, raised the bar for federal government systems by requiring impactful cybersecurity measures, such as multi-factor authentication. The administration also issued a strategy for federal zero-trust architecture implementation and provided budget guidance to ensure that federal agencies align resources to the nation’s cybersecurity goals. It is also working on harnessing the purchasing power of the federal government to improve the cybersecurity of products for the first time, by requiring security features in all software purchased by the federal government, which improves security for all Americans.

Last year, the U.S. administration facilitated a ‘Counter Ransomware Initiative’ among over 30 countries and the European Union, with the goal of accelerating cooperation to counter ransomware that is emerging as a significant risk to critical infrastructure, essential services, public safety, consumer protection and privacy, and economic prosperity. 

The White House will host international partners from October 31-November 1 to accelerate and broaden this joint work, the fact sheet said. These cybersecurity measures work towards raising collective resilience, engaging the private sector, and disrupting criminal hackers and their infrastructure. The U.S. has made it harder for criminals to move illicit money while sanctioning a series of cryptocurrency mixers used regularly by ransomware actors to collect and ‘clean’ their illicit earnings.

Apart from the Counter Ransomware Initiative, the Biden-Harris administration has established cyber dialogues with a breadth of allies and partners to build collective cybersecurity, formulate a coordinated response, and develop cyber deterrence. “We are taking this work to our most vital alliances – for example, establishing a new virtual rapid response mechanism at NATO to ensure Allies can effectively and efficiently offer each other support in response to cyber incidents,” the fact sheet disclosed.

Turning its focus on building the nation’s cyber workforce and strengthening cyber education, the White House hosted a National Cyber Workforce and Education Summit, bringing together leaders from the government and from across the cyber community. At the Summit, the administration announced a 120-Day Cybersecurity Apprenticeship Sprint to help provide skills-based pathways into cyber jobs. With momentum from the Summit, the administration continues to work with partners on building the cyber workforce, improving skills-based pathways to good-paying cyber jobs, and educating Americans with necessary digital skills, and improving diversity, equity, inclusion, and accessibility (DEIA) in the cyber field.

The Biden-Harris administration aims to safeguard the future by developing quantum-resistant encryption to help protect data from compromise or theft by malicious hackers. Unfortunately, advancements in quantum computing threaten that encryption, so the National Institute of Standards and Technology (NIST) announced four new encryption algorithms that will become part of NIST’s post-quantum cryptographic standard, expected to be finalized in about two years. These algorithms are the first group of encryption tools that are designed to withstand the assault of a future quantum computer, which could potentially crack the security used to protect privacy in the digital systems we rely on every day, such as online banking and email software.

In August, the U.S. Cybersecurity and Infrastructure Agency (CISA) identified that upgrading ICS (industrial control system) to post-quantum cryptography will be a challenge, as deployed cryptography-dependent ICS hardware is costly, and the associated equipment is often geographically dispersed. However, organizations should make necessary preparations for migration to post-quantum cryptography. CISA called upon ICS organizations to ensure that their hardware replacement cycles and cybersecurity risk management strategies account for actions to address risks from quantum computing capabilities. 

President Biden issued in May NSM-10 that seeks to develop the nation’s technological edge in quantum computing while mitigating risks to vulnerable cryptographic systems. The measure has more than doubled the government’s research and development (R&D) investment in quantum technology, creating new research centers and workforce development programs across the country. 

Additionally, NSM-10 prioritizes “U.S. leadership in quantum technologies by advancing R&D efforts, forging critical partnerships, expanding the workforce, and investing in critical infrastructure; will move the Nation to quantum-resistant cryptography; and protects our investments, companies, and intellectual property as this technology develops so that the United States and our allies can benefit from this new field’s advances without being harmed by those who would use it against us,” the fact sheet added.

President Biden also released a proclamation on the occasion of cybersecurity awareness month to highlight the importance of safeguarding the nation’s critical infrastructure from the malicious cyber activity and protecting citizens and businesses from ransomware and other attacks. Additionally, the move looks toward raising awareness about the simple cybersecurity measures that Americans can take to secure their sensitive data and stay safe online.

Earlier this week, about 14 public-facing U.S. airport websites, including those for some of the nation’s largest airports, were inaccessible as a pro-Russian hacker group claimed responsibility for the attack. In addition, the KillNet group has been using DDoS (distributed denial of service) cyberattacks. While no immediate impact on actual air travel was reported, there have been suggestions that the cyber-attacks may have inconvenienced people seeking travel information.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.