Anne Neuberger: White House Working on Industrial Control System Security Plan

Anne Neuberger: White House Working on Industrial Control System Security Plan
Anne Neuberger Deputy National Security Adviser

Anne Neuberger, deputy national security adviser for cyber and emerging technology and a 2021 Wash100 Award winner, said the White House is working with the Environmental Protection Agency (EPA), Securities and Exchange Commission (SEC), energy sector and other organizations on a plan to protect industrial control systems from cyber threats, Nextgov reported Friday.

Neuberger said the plan will initially focus on operational technology that runs on systems that power gas, pipeline, water, electricity and chemical systems.

“Because of the difference in mission impact, risks, threats and culture, a deliberate and specific OT cybersecurity approach is required to secure our industrial infrastructure,” she said Friday at a SANS Institute-hosted virtual summit. 

Neuberger said an upcoming executive order in response to the SolarWinds cyber breach will include standards meant to improve software transparency.

“Today, as a network owner, if we're trying to buy a technology, network management software, we have no way to know the cybersecurity practices that were used in building that network management software or the level of risk we're introducing to our networks by buying a particular software versus a competitor one,” Neuberger said of the forthcoming EO. “That's what we need to change, because if we have that visibility, whether it's a software bill of materials … or other areas, then we can make decisions that put money on cybersecurity and say we value it.”

You may also be interested in...

Cybersecurity

DHS, NIST List Goals for Cyber Best Practices

The Department of Homeland Security (DHS) and the National Institutes of Standards and Technology (NIST) have jointly classified cybersecurity practices into nine categories as bases for cyber performance goals. The nine categories each have specific objectives with regard to how secure control systems are operated and deployed, NIST said Thursday.