Federal Authorities Pursue Imperative Cyber Aid for Water Facilities and Healthcare Systems
The Biden administration is taking significant steps to bolster the cybersecurity of critical infrastructure sectors, particularly focusing on healthcare and water utilities.
In a recent keynote speech, National Cyber Director Harry Coker Jr. outlined new actions to strengthen these sectors, emphasizing the need for a proactive approach to boost resilience and strengthen sector management. Coker highlighted ongoing threats to the nation's critical infrastructure and expressed concern about children being recruited for cybercrime, stating it's "terrifying".
One of the key initiatives is the creation of the AI Information Sharing and Analysis Center (AI-ISAC), which will enable infrastructure operators and federal agencies to exchange intelligence on cyber threats, vulnerabilities, and mitigation techniques. This center is expected to play a crucial role in enhancing cooperation between federal agencies and private sector operators.
The Biden budget proposes substantial funding for this effort. For instance, it allocates $25 million for a first-ever cyber grant for water utilities and an additional $12 million for cybersecurity capacity at the Department of Health and Human Services (HHS). The budget also proposes $25 million for additional sector risk management agency capacity.
For healthcare, the administration is implementing a cybersecurity strategy that includes raising baseline standards for hospitals and seeking additional aid for small, rural, and critical care facilities. The Department of HHS will also implement its strategy, which includes developing secure, resilient technology and AI systems designed to prevent, detect, and respond to cyberattacks.
In the agricultural sector, the Department of Agriculture will invest in a circuit rider program to integrate cybersecurity programs for rural water utilities that are considered vulnerable. Meanwhile, the Environmental Protection Agency will provide more technical assistance for public water systems.
These measures are designed to harden critical sectors against evolving cyber risks while leveraging advanced technologies and partnerships to maintain national security and public safety. The administration's approach reflects an intent to mobilize all available powers, including expanded private sector participation and international cooperation, to proactively defend and disrupt threats targeting vital sectors before damage occurs.
Recent activities show regulatory adjustments under the Trump administration that shifted cybersecurity oversight. However, the Biden administration's 2023 strategy pillars continue emphasizing “Defend Forward”—actively engaging threats beyond U.S. borders to protect critical infrastructure internally and externally. The healthcare and water utilities sectors, as essential components of critical infrastructure, receive special focus within these efforts aimed at national security and public safety.
The administration's efforts to combat ransomware and boost resilience in key critical infrastructure sectors, including healthcare and water utilities, are ongoing. The Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology are assessing the feasibility of a security risk assessment center for open source software, as per the CSRB's 2022 recommendation regarding the Log4j vulnerability crisis. Additionally, at the recommendation of the CSRB, the Department of Justice plans to develop a program to deter juveniles away from cybercrime.
In conclusion, the Biden administration's approach in phase two of its national cybersecurity strategy for healthcare and water utilities involves mobilizing federal and private sector collaboration to detect and neutralize cyber threats early, creating intelligence sharing hubs like AI-ISAC for timely, actionable threat information, developing secure, resilient technology and AI systems, continuing the Defend Forward doctrine, and investing in programs to protect vulnerable sectors and deter juveniles from cybercrime. These measures aim to ensure the resilience and security of critical infrastructure sectors in the face of evolving cyber threats.
[1] White House. (2023). The Biden administration’s national cybersecurity strategy. Retrieved from https://www.whitehouse.gov/cybersecurity/ [2] Coker, H. (2023). Keynote speech at Auburn University’s McCrary Institute. Retrieved from https://www.auburn.edu/newsroom/news/2023/03/national-cyber-director-harry-coker-jr-delivers-keynote-speech-at-auburn-universitys-mccrary-institute-in-washington-dc [3] Cyber Safety Review Board. (2023). 2023 report on the Lapsus$ ransomware group. Retrieved from https://www.csrb.gov/reports/2023/lapsus-report/
- The recent initiatives by the Biden administration focus on risk management, particularly in the healthcare and water utility sectors, and emphasize a proactive approach to boost resilience and strengthen sector management.
- The creation of the AI Information Sharing and Analysis Center (AI-ISAC) is a key initiative aimed at enhancing cooperation between federal agencies and private sector operators, sharing intelligence on cyber threats, vulnerabilities, and mitigation techniques to combat ransomware and other cybersecurity threats.
- The Biden budget proposes substantial funding for cybersecurity, including $25 million for a cyber grant for water utilities, $12 million for cybersecurity capacity at the Department of Health and Human Services, and $25 million for additional sector risk management agency capacity.
- The administration's approach to policy-and-legislation in the field of cybersecurity includes implementing strategies that aim to prevent, detect, and respond to cyberattacks, such as the Defend Forward doctrine and the development of secure, resilient technology and AI systems, and investing in programs to protect vulnerable sectors and deter juveniles from cybercrime. [Sources: White House, Coker, Cyber Safety Review Board]
