Related practices and jurisdictions
On March 18, 2022, President Biden sent a letter to California Governor Gavin Newsom (“March 18” letter) asking him to secure California’s computer systems and critical infrastructure in light of recent Russian cyber attacks on Ukraine. President Biden advised Newsom to assemble its lead team to discuss California cybersecurity and address several fundamental issues, including whether California Public Utilities Commissions (or other California agencies) have set minimum cybersecurity standards for critical infrastructure of California.
President Biden further encouraged Newsom to publish the standards set in his May 2021 Executive Order, “Improving the Cyber Security of the Nation” (“May 2021 Executive Order”), to ensure California’s computer systems and critical infrastructure.
Three days later, on March 21, 2022, the President issued a statement informing US citizens that now is “a critical moment to accelerate our work to improve domestic cyber security and strengthen our national resilience” (“March 21 Statement”). ). He claimed that although the administration has made great efforts to strengthen the American national cyber defense, it cannot achieve such an imperative on its own. President Biden wrote that most of America’s critical infrastructure is owned and operated by the private sector and called on them to immediately strengthen their cyber defense.
The March 21 statement was accompanied by a factual report, where the administration encouraged private companies to take specific actions to help protect critical U.S. services. Some of the proposed actions are included in the May 2021 Executive Order and the March 18 letter. The most important actions included:
Obligation of multifactor authentication on computer systems;
Introduction of modern security tools on computers and devices;
Seek insight from cybersecurity professionals to ensure that systems are patched and protected from all known vulnerabilities;
Backing up data and ensuring that companies have offline backups;
Execution of exercises and exercises of emergency plans;
Data encryption;
Educating employees on how to detect cyber security events; i
Proactively engage with the local FBI field office or the regional office of the Cyber Security and Infrastructure Security Agency (CISA) to build pre-event cybersecurity relationships.
As highlighted in the March 18 letter and March 21 statement, state governments and private companies are currently at high risk of cyber attacks and should manage themselves accordingly. With this in mind, companies operating in and around U.S. critical services and infrastructure should be aware of administration comments and suggestions and should review their current cyber defense protocols and procedures to ensure that adequate protection exists. The CISA website provides useful insights into how private companies can help combat Russian cyber attacks.
© 2022 Bradley Arant Boult Cummings LLP National Legal Review, Volume XII, No. 123
Comments are closed.