back to article 'Woefully insufficient': Biden administration's assessment of critical infrastructure infosec protection

The Biden administration has issued a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems to address what it describes as a "woefully insufficient" security posture. The Memorandum was accompanied by transcripts of remarks made by a "Senior administration official" who said the …

  1. Mike 137 Silver badge

    "the Memo doesn't discuss whether critical infrastructure operators need to be compelled to act"

    Actually, the briefing doesn't discuss very much at all. It's at best a kind of call to action. But we've had calls to action by the dozen over the last few decades, despite which the global cyber security position has got worse instead of improving. This seems to confirm that (as was pointed out in 2016 in response to Obama's call to action) a new approach may be necessary - continuing to do what hasn't helped much for 40 years is unlikely to solve the problem.

    1. Robert Grant Silver badge

      Re: "the Memo doesn't discuss whether critical infrastructure operators need to be compelled to act"

      Right. "Woefully insufficient" I think is code for "lots of budget please".

    2. teknopaul Silver badge

      Re: "the Memo doesn't discuss whether critical infrastructure operators need to be compelled to act"

      security baselines sounds good to me, I wish our lot did that.

      Most infosec bods just bitch about other peoples work rather than actually helping to create secure systems in the first place.

      Private and Public infosec need a shake up IMHO.

      Pen testing and ha King for a fee is too late in the game.

  2. Julz Silver badge

    It

    Would seem to me that the normal capitalist race to the bottom on costs and the need to secure infrastructure are almost diametrically opposed. The only way to stop the cost cutting and improve the security would be if it were mandated by legal regulations. Tell me left pondians, are you up for bigger government and higher prices?

  3. NetBlackOps Bronze badge

    Without accountability, nothing will change and the kind of accountability matters. My work, after I joined the military, was directly accountable, as in whatever penalty a Court Martial may decide. Given it was all safety critical, it was not going to be a slap on the wrist and a Letter of Admonition. No such accountabiiity exists in the civilian world even if those works were safety critical or not. So, unless someone comes along and makes the penalties in line with personal accountability, nothing will change. We already know fines are meaningless in the corporate world.

  4. amanfromMars 1 Silver badge

    It is just as well there be the Odd Special Relationship in such Circumstances says I?

    Critical Infrastructure Control Systems needs and feeds will never be quickly and adequately seeded if they are not openly presented for tendering. If one is deliberately kept in the dark about deficiencies and vulnerabilities and woeful insufficiencies, ...... and one can suppose the thinking there behind that "pulling up of the drawbridge and lowering of the portcullis" be because it can so easily invite and incite unwelcome disruptive and destructive exploitation against which there be no attack or defence protection ...... how on Earth does one expect to be helped rather than be further hindered and more comprehensively disadvantaged?

    The following is such an example of specific help being offered whenever it is surely needed but failing the public right to know and wider private and pirate sector opportunity to test test, and that just aggravates and exacerbates the problematic vulnerability/unfortunate systemic liability further.

    Damned if they do, and damned if they don't is no place to hide between a rock and a hard place.

    GrahamC [2107290929] ……. tries to reveal in a chat on https://www.nationaldefensemagazine.org/articles/2021/7/28/space-force-not-considering-acquisition-agency-consolidation

    Here be something further to consider and ask of your sources, Meredith, so that they are not rendered catastrophically vulnerable and critically disadvantaged whenever/if ever being ruthlessly and relentlessly exploited in such fields of Almighty Digital Engagement.

    The Agencies and Forces in Space and AI Market Places, for there are surely bound to be more than just a few of them, which capture/command and control the full spectrum view high ground of the virtualised space environment and stealthy internetworking networks with deep and dark shadowy webs, generously freely sharing novel creative or disruptive or subversive proprietary intellectual property/state and non-state COSMIC* Top Secrets for the reprogramming and provisioning of revised hearts and opened minded societies, are so advantaged in the human race down on Earth, as to be considered practically almighty and virtually untouchable by their peers.

    Freely capture hearts and captivate minds via such a remote means of energising memes, and it is Great Game over and the Dawning of an Enlightening Age with Space Force Agencies and AIMarketeers, Virtual Pioneers, exercising Future Levers for a Totally New Existence presenting Augmented Virtual Reality Projects in Advanced IntelAIgent Programs ……Trailing and Trialing Astute Mass Multi Media Manifested Productions …… Fully Loaded Promotions.

    Does the Space Rapid Capabilities Office/Pentagon/DARPA/Uncle Sam, and any of their ilk resident elsewhere, covet and/or claim rights to practise and commandeer any JOINT leadership in such a space place, for such if presumptuously assumed and left clearly undeclared will prove to be constantly problematical and exceptionally draining for them as IT and AI has deliberately designed it to be so by default, in order to perfectly secure and failsafe protect a Priori Partnerships and SMARTR Alienating Products.

    JOINT ……. JOINT Operations Internetworking Novel Technologies

    COSMIC* …… Control Of Secret Materiel in an Internetional Command

    SMARTR…… SMARTR Mentoring Analysis Reporting Titanic Research

    [Thank you. Your comment will be displayed soon after reviewing.]

    :-)White man talk with fork tongue, KemoSabe. The naked truth be that certain comments will not be displayed for viewing after reviewing ..... and that tells one virtually everything one needs to know about practically all of the parties party to the reviewing, thus making the direction of future paths to be taken considerably clearer.

  5. Cliffwilliams44 Bronze badge

    "The Memo outlines plans to change that, with an "Industrial Control Systems Cybersecurity Initiative" that sees government and industry collaborate to define security baselines."

    Government and Industry collaboration, Mussolini would be so proud of us!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021