- President Joe Biden will sign a national security memorandum on Wednesday aimed at fortifying cybersecurity for U.S. critical infrastructure.
- The memorandum follows a steady drumbeat of ransomware attacks that have directly impacted Americans and hampered logistics and services in the U.S.
- A senior administration official stressed that the federal government "cannot do this alone" and called on the private sector to "do their part" for cybersecurity.
WASHINGTON – President Joe Biden will sign a national security memorandum on Wednesday that aims to strengthen cybersecurity for critical infrastructure, as concern mounts about the vulnerability of the U.S. in the wake of a series of recent ransomware attacks.
The memo will include directives for federal departments, while the administration is also calling for tougher action from private companies.
"Our current posture is woefully insufficient given the evolving threat we face today. We really kicked the can down the road for a long time," a senior administration official, who spoke on the condition of anonymity in order to share details about the effort.
The memorandum directs the Departments of Homeland Security and Commerce to develop "cybersecurity performance goals for critical infrastructure."
The order also establishes an industrial control system cybersecurity initiative, which the official described as a "voluntary, collaborative effort between the federal government and the critical infrastructure community to facilitate the deployment of technology and systems that provide threat visibility, indicators, detections and warning."
The official stressed that while the directives may be voluntary, the federal government "cannot do this alone" and called on the private sector to "do their part."
"Short of legislation, there isn't a comprehensive way to require deployment of security technology and practices," the official said.
The White House action follows a steady drumbeat of ransomware attacks that have directly impacted Americans and hampered logistics and services in the United States.
Ransomware attacks involve malware that encrypts files on a device or network that results in the system becoming inoperable. Criminals behind these types of cyberattacks typically demand a payment in exchange for the release of data.
The latest ransomware attack, disclosed earlier this month by Florida-based software provider Kaseya, spread to at least six European countries and breached the networks of thousands across the United States.
In May, a hacking group known as DarkSide with suspected ties to Russian criminals launched a ransomware attack on Colonial Pipeline, forcing the U.S. company to shut down approximately 5,500 miles of pipeline.
It led to a disruption of nearly half of the East Coast's fuel supply and caused gasoline shortages in the Southeast and airline disruptions. Colonial Pipeline paid $5 million ransom to the cybercriminals in order to restart operations.
A few weeks after the attack, U.S. law enforcement officials were able to recover $2.3 million in bitcoin from the hacker group.
The FBI has previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity.