President Biden on Wednesday is set to sign a national security memorandum directing his administration to develop cybersecurity performance goals for critical infrastructure in the U.S. – entities like electricity utility companies, chemical plants and nuclear reactors.
The memo will also formally establish Biden's Cyber Security Initiative, a voluntary collaborative effort between the federal government and critical infrastructure entities to facilitate the deployment of technology and systems that provide threat visibility indicators and detections.
The effort to strengthen defenses comes after a string of ransomware attacks earlier this summer, with foreign malign actors targeting pieces of U.S. critical infrastructure.
In June, a ransomware assault shut down the U.S.-based meat plants of the world’s largest meatpacker, Brazil-based JBS. The White House said the hack was likely carried out by a criminal group based in Russia.
The attack on JBS came just weeks after the largest U.S. fuel pipeline, the East Coast's Colonial Pipeline, was targeted by a criminal group originating in Russia.
Senior administration officials said the overall "optimal" approach is modernizing the national defense, federal government, state and local government and critical infrastructure, as well as the broader private sector so that they are "modern enough to meet the threat."
Officials said nearly 90% of critical infrastructure in the U.S. is owned and operated by the private sector, stressing that securing it "needs to be a whole of nation effort."
The efforts will begin with asking "owners and operators" to work with the U.S. government "voluntarily," officials said.
"We have a patchwork of sector-specific statutes that have been adopted piecemeal, and we feel that the administration, the government’s responsibility, is to feel confident that critical services that the American public rely on have to modernize their defenses to ensure that they can continue to deliver the critical services they do," an official said, noting that the "current" statutes do not give the administration "confidence."
"We must move with urgency," the official said. "The federal government cannot do this alone."
The president addressed ransomware attacks during his summit with Russian President Vladimir Putin in June, discussing cybersecurity, and telling Putin that "certain critical infrastructure should be off limits to attack."
After the meeting, Biden said he gave a list of "16 specific entities defined as critical infrastructure," which range from energy to water systems.