The Biden administration plans to launch a process to review and revise U.S. critical infrastructure protection policy, including providing guidance to agencies on designating certain critical infrastructure (CI) as “systemically important.”
In a letter sent to select congressional leadership, President Biden said he plans to implement CI recommendations from Department of Homeland Security (DHS) Secretary Alejandro Mayorkas. As directed by the National Defense Authorization Act (NDAA) for fiscal year (FY) 2021, Secretary Mayorkas submitted a report to President Biden that assesses the current framework of the nation’s CI and provided recommendations.
“Recognizing the need to drive implementation of the secretary’s recommendations across the Federal government, my administration will launch a process to review and revise, as appropriate, the primary United States policy for critical infrastructure, Presidential Policy Directive 21 of February 12, 2013 (Critical Infrastructure Security and Resilience),” President Biden wrote in the Nov. 7 letter.
“Updated policy would strengthen the public-private partnership and provide clear guidance to executive departments and agencies (agencies) on designating certain critical infrastructure as systemically important,” he added.
The president also said updated policy would clarify the roles and responsibilities of the Sector Risk Management Agencies and the Cybersecurity and Infrastructure Security Agency (CISA) “to coordinate a national effort to secure and protect against critical infrastructure risks.”
When needed, President Biden said the National Security Council and the Office of the National Cyber Director will monitor and offer guidance to CISA regarding the implementation of the report’s recommendations.
Designating CI as “systemically important” is something Rep. Jim Langevin, D-R.I., one of the leading voices on cybersecurity in Congress, has long advocated. Rep. Langevin pushed for an amendment to the FY2023 NDAA that would create a class of “systemically important” critical infrastructure providers.
In February, the congressman said he identified about 100 private sector firms that he considers to be “systemically important” critical infrastructure providers with which the Federal government should have closer collaboration and intelligence sharing.
“Codifying the roles and responsibilities of Sector Risk Management Agencies through Section 9002 of the FY21 National Defense Authorization Act was one of the Cyberspace Solarium Commission’s major accomplishments,” Rep. Langevin said in a statement to MeriTalk. “As the author of the provision, I am very glad to see the president moving forward on Section 9002’s other directives to ensure the effectiveness of the U.S. policy framework for securing critical infrastructure.”
“Furthermore, I share President Biden’s commitment to identifying systemically important entities, and I look forward to working together during my remaining time in office to further secure our most important critical infrastructure,” he added.
Rep. Langevin will be leaving Congress in January 2023 after deciding to not run for reelection.