A senior White House official said Thursday that Congress could do more to establish baseline cybersecurity standards for critical infrastructure sectors to better protect them from digital threats.
“We lag behind other countries in defining cybersecurity requirements for the critical pieces of infrastructure, the most important – the country’s water, electricity, pipelines, hospitals, as well as the technology that crosses them all,” Anne Neuberger, deputy national security adviser for cyber and emerging technologies, said during an event at the Center for a New American Security.
“When we drive a car, the car comes with the seat belt, comes with airbags. It comes with standards on how fast you can drive on the road. major accident?” Neuberger told the Washington-based think tank. “We need the same with cyber.”
She noted that the administration has taken various steps — including through last year’s executive order — to push the private sector to voluntarily bolster security, but lawmakers could urge operators to do more to bolster security. digital defenses.
“We really need the Hill to put these mandatory standards in place,” Neuberger said.
His remarks come days after the Transportation Security Administration released revised cybersecurity guidelines for oil and gas pipelines. The administration initially unveiled the guidelines after a meeting with industry leaders following the ransomware attack that temporarily shut down the Colonial Pipeline last summer, disrupting fuel supplies to the East Coast. However, the directive has been met with fierce opposition from industry executives.
Neuberger said the White House will host a group of railroad executives next week for a classified briefing on cyber threats posed by nation states like Russia and China.
She also said the Environmental Protection Agency would “soon” release a rule to expand its water system remediation reviews to include cybersecurity considerations.
But even then, she added, “we need the Hill to make sure those authorities are clear.”
Momentum is building on Capitol Hill to protect crucial US digital assets from hackers.
The House version of the annual defense policy bill includes language to designate “systemically important entities” for the most vital organizations with the 16 U.S. critical infrastructure categories. The new label would require operators to adopt strict digital security standards and share threat information with the government in exchange for federal support.
The Senate draft of the Massive Policy Bill contains no such provision. After the chamber votes on its version, lawmakers will settle their differences in a conference committee.
Neuberger said Congress is a “major partner” in looking at areas that lack authority or “where agencies are reluctant to move without real Hill support to do so.”
She said she has received “a lot of interest and great feedback” from lawmakers on the “right track” to establish clear cyber regulatory authority for more sectors.
“We’re really looking forward, over the next few months, to continuing that engagement, hearing feedback from Hill members and staff members as well, and creating this together,” according to Neuberger.