Director Jen Easterly of the Cybersecurity and Infrastructure Security Agency (CISA) stated at the Mandiant mWISE conference in Washington, DC that the following are areas of focus for the entity moving forward:
- Water
- K–12 education
- Healthcare cybersecurity
Easterly said the organization would focus on companies with a lot of targets but few resources, including nonprofit hospitals, local water facilities, and K–12 school districts. While some medical device businesses favored the modifications and claimed they gave the FDA’s reasoning greater clarity, others believed the recommendations went beyond what Congress had intended. Easterly pointed out that the organization expects to finalize and distribute cybersecurity performance goals for critical infrastructure as early as next week in addition to putting a greater emphasis on these three industries. Key federal agencies were required to collaborate with the National Institute of Standards and Technology (NIST) to create cybersecurity performance goals and baseline security practices for owners and operators of critical infrastructure as per President Biden’s executive order (EO 14028) from May 2021.
According to Easterly, the advice will list the security measures with the greatest potential for impact to “materially quantify the reduction of risk across the most essential areas.” In an ideal world, the performance goals will offer critical infrastructure firms with guidance so they may prioritize risk management more effectively, especially those with limited resources. In order to secure crucial infrastructure, Easterly emphasized the significance of close government partnerships and cooperation between the public and private sectors.
Healthcare cybersecurity standards and advice from the White House are due imminently, according to Anne Neuberger, the Biden Administration’s deputy national security advisor for cyber and emerging technology. Neuberger specifically mentioned the healthcare, water, and communications industries as the White House’s upcoming three cybersecurity target areas, reiterating the administration’s emphasis on the security of key infrastructure. As a result of rising cyberthreats, Easterly and Neuberger’s remarks imply that the government is paying additional attention to healthcare cybersecurity, and that more advice and resources for healthcare companies may be forthcoming.