The White House is looking to add oversight capabilities to strengthen cybersecurity for critical infrastructure. The administration has been working with various cabinet agencies to bolster cybersecurity in water, rail, aviation, energy and other sectors.
However, Anne Neuberger, deputy national security advisor for cyber and emerging technology, speaking during the Billington Cybersecurity Summit in Washington D.C., raised the possibility of a letter grade rating that would hold key providers accountable for maintaining a certain level of cyber resilience.
As good as public-private partnerships are, the administration sees that additional enforcement ability as a necessary step.
“It’s very different when one shares threat information, when one shares a zero-day vulnerability with a pipeline company — with a real company — and the regulator can say: ‘What’s your plan to fix this? And then hold the company to that,” Neuberger said, during a fireside chat with Brad Medairy, EVP at Booz Allen.
Ensuring certain standards for critical infrastructure providers is a “zero-fail mission” that could not allow prolonged disruptions of power or gas or water supplies, Neuberger said.
A rating type system could hold a provider — such as rail, water or aviation — to a letter grade ranging from A through D, based on their level of cybersecurity fitness.
The administration is also working with the private sector to ensure they have more secure technology products through the Cyber Trust Mark program originally unveiled in July.
The consumer labeling program is designed to strengthen the cyber resilience of millions of smart home devices, including home routers, power inverters, smart meters and other IoT products.
Smart IoT devices should have Cyber Trust Mark labeling by Thanksgiving 2024, Neuberger said.
Criminal and nation-state hackers have leveraged IoT devices, including home routers, to launch attacks against critical infrastructure providers and defense industry targets in the past.
The Department of Energy is working on a standard for smart meters, while the National Institute of Standards and Technology is working on a standard for smart routers. Major retailers like Amazon and Best Buy have expressed strong support for the program.
The U.S. will be reconvening its International Counter Ransomware in Washington on Oct. 31. The number of countries involved has grown from 31 to 47. The group is working on a coordinated statement regarding ransomware payments, Neuberger said.
The U.S. also provided $25 million in digital infrastructure assistance to Costa Rica, which faced crippling cyberattacks after it was the first Latin American country to call out Russia after the invasion of Ukraine, according to Neuberger.
President Biden met with Costa Rica President Rodrigo Chaves Robles at the White House in late August, where they discussed cybersecurity among other subjects.