The White House is targeting the communications, water, and healthcare sectors for further regulatory attention aimed at improving cybersecurity in those critical infrastructure sectors, according to Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology.
Speaking at a Washington Post Live event today, Neuberger identified those three sectors as being in line for near-term attention from the White House but did not offer much in the way of predictions on any specific regulatory changes that may be in the works.
She discussed the upcoming work on those three sectors in the context of the Biden administration’s actions following the 2021 Colonial Pipeline hack, and the administration’s focus on building better partnerships with industry to improve critical infrastructure cybersecurity.
The results, Neuberger said, included an initial pipeline security directive from the Transportation Security Administration (TSA), followed by gathering pipeline industry officials for a classified threat briefing, and the TSA adjusting its security guidelines based on those discussions. TSA issued a new security directive for the pipeline sector earlier this year.
Similar White House efforts since then have included the railroad and airline sectors, and as a result of those, interim security directives for both sectors were issued late last year, and updated security directives for both sectors will be made public “shortly,” Neuberger said.
Asked where the White House will turn its attention, Neuberger said the communications sector will be next up.
She noted that the Federal Communications Commission will be issuing a public for a proposed rulemaking on emergency and public warning systems.
Earlier this month, the FCC issued a notice indicating it will consider such a rulemaking at its public meeting later this month, with a focus on improving the cybersecurity of and operational readiness of the Emergency Alert System (EAS) and associated wireless emergency alert functions.
Also on deck is the water sector, said Neuberger. The approach in that sector, she said, will include “a creative approach” from the Environmental Protection Agency (EPA) to include cybersecurity in existing legislation for the safety and security of water.
On the healthcare front, she said that the Department of Health and Human Services (HHS) will be “coming out beginning work with partners at hospitals to put in place minimum cybersecurity guidelines, and then further work upcoming thereafter on devices and broader healthcare as well.”
