Today, Cisco’s Eric Wenger, Senior Director of Technology Policy, Global Government Affairs, responds to the Biden Administration’s National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.
Cisco welcomes the continued attention that the U.S. federal government is applying to secure critical infrastructure (CI). We applaud the leadership CISA and NIST will take developing common cybersecurity performance goals across critical sectors to confront common threats, like ransomware. Both agencies have a strong track record of collaboration with the private sector, and will no doubt take standards-oriented, risk-based approaches to inform policies for the variety of sectors impacted.
We need a combination of basic steps, like widespread adoption of basic security hygiene, and fundamental paradigm shifts that will tilt the advantage away from attackers and towards defenders. Recognizing that not all can be implemented at once, prioritization for CI owners and operators will be key. The first step is to uniformly adopt baseline measures, like ensuring that software and systems are updated and patched, and implementing multi-factor authentication. From here, it will be important to execute a concerted pivot towards secure architectures that leverage zero trust security principles. If done right, we can harness the power of intelligent, intuitive networks to protect access across all IT applications and environments regardless of user, device and location.
We strongly encourage our CI customers to take advantage of opportunities like the President’s Industrial Control Cybersecurity Initiative and look forward to partnering with our customers as they make measurable changes to their security posture. Cisco also stands ready to support future initiatives including securing critical infrastructure as well as more measurable action in the ransomware space. Only through a strong and ongoing partnership between defenders, industry and government can we find a means to collectively defend ourselves against actors who defy global norms.