U.S. President Joe Biden speaks after signing the foreign aid bill at the White House in Washington, DC, April 24, 2024.
Jim Watson | AFP | Getty Images
President Joe Biden on Tuesday updated a more than decade-old policy aimed at protecting U.S. critical infrastructure sectors like energy and financial services from foreign attacks, as public officials continue to ring the bell alarm on Chinese cyber threats.
Biden’s new policy is largely a rewrite of the Obama administration’s rule to protect U.S. critical infrastructure, called Presidential Policy Directive, or PPD-21, which was issued in 2013.
Efforts to overhaul Obama-era infrastructure policy began more than a year ago, in part to modernize it and keep pace with hackers who have benefited from more than a decade of technological advancement .
“The threat environment has changed significantly since PPD-21 was published in 2013, shifting from counterterrorism to strategic competition, technological advancements like artificial intelligence, and malicious cyberactivity from state actors ” a senior administration official said on a Monday call with reporters. .
At its core, Biden’s updated policy defines which federal agencies are responsible for which tasks in the complex web of government agencies charged with protecting America’s infrastructure.
“This policy is particularly relevant today, given the continued disruptive ransomware and cyberattacks on U.S. water systems by our adversaries,” a senior administration official said.
FBI Director Christopher Wray has repeatedly warned the public and members of Congress of the imminent threat posed by Chinese hackers targeting the U.S. power grid, water plants, transportation systems and more. Moreover. In January, Wray announced that the FBI had taken down a Chinese hacking group called “Volt Typhoon” targeting hundreds of home and business routers.
Despite Biden’s attempts to ease US-China relations, tensions between the two superpowers remain fluctuating, particularly amid the current geopolitical chaos.
The Biden administration has warned China not to aid Russia in its invasion of Ukraine or the United States would be prepared to take sanctions. And while China regularly hints at its intention to reclaim the self-governing island of Taiwan, the United States has continued to send military aid to Taiwan.
As the U.S.-China relationship shows, security officials are on high alert for Chinese cyberattacks.
“We are now aware of the serious Chinese threat to our critical infrastructure, particularly by prepositioning the disruption or destruction of critical infrastructure in the event of a major crisis,” a senior administration official said.
The memo Biden signed Tuesday directs the Department of Homeland Security to lead government-wide efforts to mitigate these security risks, alongside the Cybersecurity and Infrastructure Security Agency, or CISA. The Secretary of DHS will produce a biennial report to the President on these risk efforts.
The new policy also directs U.S. intelligence agencies to declassify information relevant to private sector owners and operators in infrastructure sectors like transportation, water and energy that are vulnerable to attack.
It also aimed to codify CISA’s role in the government security network since the agency’s inception in 2018, five years after PPD-21 was issued.
“The presidential policy directive created in 2013 did not mention anything about the role of CISA because we had not yet been created,” a senior administration official said. “So in some sense it reinforces our statutory role, but it’s extremely important that it defines in presidential policy the specific roles that we have.”
cnbc
