© 2024 WYPR
WYPR 88.1 FM Baltimore WYPF 88.1 FM Frederick WYPO 106.9 FM Ocean City
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations
WYPO 106.9 Eastern Shore is off the air due to routine tower work being done daily from 8a-5p. We hope to restore full broadcast days by 12/15. All streams are operational

Biden Pushes Cybersecurity Upgrades For Critical Infrastructure After Recent Hacks

Fuel holding tanks are pictured at Colonial Pipeline's Dorsey Junction Station in Woodbine, Maryland in May 2021, the month that a cyberattack disrupted gas supply to the eastern U.S. for several days.
Drew Angerer
/
Getty Images
Fuel holding tanks are pictured at Colonial Pipeline's Dorsey Junction Station in Woodbine, Maryland in May 2021, the month that a cyberattack disrupted gas supply to the eastern U.S. for several days.

President Biden just signed a national security directive aimed at boosting defenses against ransomware attacks and the hacking of critical infrastructure like energy, food, water and power systems.

The directive sets performance standards for technology and systems used by private companies in those sectors — though it can't force those companies to comply.

The memorandum follows a series of high-profile attacks on a major pipeline and the country's biggest meat supplier (those have been linked to groups operating in Russia, and Biden says he raised the issue with Russian President Vladimir Putin when they met last month).

A senior administration official, speaking on condition of anonymity, told reporters that the new standards will be voluntary.

For reference, almost 90% of the country's critical infrastructure is owned and run by the private sector, and the government has limited authority over their cybersecurity requirements.

But the official says the Biden administration may pursue legislative options, with help from Congress, to require the kind of technological improvements that would defend against such cyberattacks.

"Short of legislation, there isn't a comprehensive way to require deployment of security technologies and practices that address the threat environment that we face," they added.

For now: The government may draw up the standards, but it's up to private companies to decide whether to follow them.


This story originally appeared on the Morning Edition live blog.

Copyright 2021 NPR. To see more, visit https://www.npr.org.

Tags
Rachel Treisman (she/her) is a writer and editor for the Morning Edition live blog, which she helped launch in early 2021.