Cyberattacks , Cybersecurity , Government

DHS Unveils Critical Infrastructure Cybersecurity Guidance

DHS Calls for Public-Private Collaboration on Critical Infrastructure Security
DHS Unveils Critical Infrastructure Cybersecurity Guidance
Department of Homeland Security Secretary Alejandro Mayorkas announced new guidance Thursday to support cybersecurity across critical infrastructure sectors. (Image: DHS)

Critical infrastructure sectors face many potentially disruptive threats such as supply chain vulnerabilities, climate risks and the growing dependency on space-based systems. But the top cyberthreats facing the U.S. are nation-state adversaries in People's Republic of China and emerging risks associated with artificial intelligence and quantum computing, said Department of Homeland Security Secretary Alejandro Mayorkas.

See Also: Nation-State, Ransomware Trends in Critical Infrastructure

Mayorkas on Thursday announced new guidance on defending against those risks. He called on sector risk management agencies responsible for overseeing the protection of critical infrastructure in the U.S. to work with owners and operators to develop and implement a foundation of resilience measures. Those measures should include response plans "to quickly recover from all types of shocks and stressors," while anticipating potential cascading impacts of cyberattacks, according to the guidance document.

"We depend on the reliable functioning of our critical infrastructure as a matter of national security, economic security, and public safety," Mayorkas said in a statement. "The threats facing our critical infrastructure demand a whole of society response and the priorities set forth in this memo will guide that work."

DHS plans to expand its Space Systems Critical Infrastructure Working Group "to prioritize and mitigate space-related risks to critical infrastructure," according to the guidance. The public-private working group was launched in 2021 under the Cybersecurity and Infrastructure Security Agency to improve the security and resilience of commercial space systems, in part by developing recommendations to manage risks to space-based assets and critical functions.

DHS also recommends that Sector Risk Management Agencies identify, pilot or deploy AI and other "technology-informed risk mitigation tools" to better protect critical infrastructure sectors. The guidance describes AI as "a transformative and general-purpose technology" with broad implications, including mitigating threats to critical infrastructure.

But the agency also warns that new threats from emerging technologies such as AI and cryptographically relevant quantum computers could pose risks for sensitive data maintained by critical infrastructure entities in the coming years.

The guidance largely relies on SRMAs to collaborate with key stakeholders across sectors to implement effective mitigation approaches and to identify and address threats from Beijing. DHS also called on SRMAs to support its Defense Critical Infrastructure Program, which aims to ensure the agency can provide networked assets to critical missions in the event of a security compromise or a cyberattack.

Under the new guidance, SRMAs will play a major role in mitigating the effects of supply chain disruptions for essential systems. DHS said the COVID-19 pandemic "showed the consequences of offshoring significant parts of critical supply chains" and warned of the potential "for other significant supply chain disruptions related to potential rail strikes and physical attacks on vessels in the Red Sea."

"The resilience of the nation's civilian and military supply chains is a matter of national and homeland security," the guidance says.

SRMAs were urged to evaluate their reliance on space systems "and the potential cascading impacts on their sector if disruptions were to occur."

DHS said it would ultimately work in coordination with private sector partners and SRMAs to address a wide range of emerging risks and added that "critical infrastructure stakeholders must adopt risk mitigation efforts that can accomplish results at scale."

About the Author

Chris Riotta

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.