How to fine-tune the White House\u2019s new critical infrastructure directive | CyberScoop<\/title> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/how-to-fine-tune-the-white-houses-new-critical-infrastructure-directive\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"How to fine-tune the White House\u2019s new critical infrastructure directive\"> <meta property=\"og:description\" content=\"National Security Memorandum 22 represents a good first step to better protect America\u2019s critical infrastructure.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/how-to-fine-tune-the-white-houses-new-critical-infrastructure-directive\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-05-01T19:08:15+00:00\"> <meta property=\"article:modified_time\" content=\"2024-05-01T19:08:16+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/how-to-fine-tune-the-white-houses-new-critical-infrastructure-directive-1.jpg\"> <meta property=\"og:image:width\" content=\"1024\"> <meta property=\"og:image:height\" content=\"683\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"mbracken\"> <meta name=\"twitter:card\" content=\"summary_large_image\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1712700738g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1713212360g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1712858261g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/80317\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.5.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=80317\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fhow-to-fine-tune-the-white-houses-new-critical-infrastructure-directive%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fhow-to-fine-tune-the-white-houses-new-critical-infrastructure-directive%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-80317 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/how-to-fine-tune-the-white-houses-new-critical-infrastructure-directive\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"23.85\">\n<div class=\"single-article__header-content\" readability=\"29.182186234818\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/commentary\/\"> <span>Commentary<\/span> <\/a> <\/li>\n<\/ul>\n<p> National Security Memorandum 22 represents a good first step to better protect America\u2019s critical infrastructure. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/how-to-fine-tune-the-white-houses-new-critical-infrastructure-directive.jpg?resize=640%2C427&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/how-to-fine-tune-the-white-houses-new-critical-infrastructure-directive-1.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/how-to-fine-tune-the-white-houses-new-critical-infrastructure-directive-1.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/how-to-fine-tune-the-white-houses-new-critical-infrastructure-directive-1.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/how-to-fine-tune-the-white-houses-new-critical-infrastructure-directive-1.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/how-to-fine-tune-the-white-houses-new-critical-infrastructure-directive-1.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/how-to-fine-tune-the-white-houses-new-critical-infrastructure-directive-1.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/how-to-fine-tune-the-white-houses-new-critical-infrastructure-directive-1.jpg?resize=1012,675 1012w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> A view of the White House on April 28, 2024 in Washington, D.C. (Photo by Kent Nishimura\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"45.679100664282\"><body readability=\"92.897601960441\"><\/p>\n<p>It\u2019s been more than a decade since the United States last revised the key policy document that describes the federal government\u2019s role in protecting U.S. critical infrastructure, but this week the Biden administration finally took a significant step to update these authorities. With the release of National Security Memorandum 22 (NSM-22), the White House has issued a much-needed update to Presidential Policy Directive 21 (PPD-21), which was issued in 2013 and has become outdated in the face of a rapidly changing threat landscape.<\/p>\n<p>On the whole, NSM-22 offers some important reforms to how the federal government hopes to protect U.S. critical infrastructure given more severe cyberattacks. But by omitting to designate the space and cloud computing industries as critical infrastructure, the document also leaves something to be desired. Moreover, it\u2019s unclear whether the Cybersecurity and Infrastructure Security Agency, which NSM-22 places at the helm of the mission to protect American infrastructure, has the resources it needs to respond to a highly complex threat landscape.<\/p>\n<p>The previous directive, PPD-21, was crafted when the nation\u2019s cybersecurity challenges were relatively simple compared to today\u2019s complex and sophisticated threats. In the years since, we have witnessed a deluge of devastating attacks across our critical infrastructure. Most recently, the <a href=\"https:\/\/www.wired.com\/story\/alphv-change-healthcare-ransomware-payment\/\">Change Healthcare ransomware attack<\/a> caused major disruption to the U.S. health care system. Meanwhile, Russian-linked hackers have breached a <a href=\"https:\/\/www.cnn.com\/2024\/04\/17\/politics\/russia-hacking-group-suspected-texas-water-cyberattack\/index.html\">Texas water facility<\/a>, and the Chinese-linked hackers known as <a href=\"https:\/\/cyberscoop.com\/fbi-warns-china-preparing-for-disruptive-attacks\/\">Volt Typhoon<\/a> have pre-positioned malware to disrupt U.S. infrastructure in the event of a conflict.<\/p>\n<p>The new NSM represents a positive step forward in adapting to these evolving threats. One of its key achievements is the formal codification of CISA as the national coordinator for Critical Infrastructure cybersecurity efforts across the government and private sector. This move recognizes the critical role that CISA plays in ensuring the nation\u2019s resilience and security.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Furthermore, the NSM introduces the concept of Systemically Important Entities (SIEs), acknowledging that specific organizations and systems have far-reaching impacts that extend beyond their immediate sectors. By identifying and prioritizing the protection of these SIEs, the memorandum aims to mitigate the cascading effects that disruptions to these entities could have on interconnected systems and critical services.<\/p>\n<p>While the NSM represents progress, it has its limitations and missed opportunities. Despite their growing importance, one glaring omission is the failure to designate space and cloud assets as critical infrastructure sectors. While cloud infrastructure warrants consideration, given its role underpinning digital services, the space domain demands urgency. This arena is increasingly contested, with adversaries recognizing the strategic value of space-based capabilities and actively seeking ways to disrupt or deny our access in this rapidly emerging frontier. From communication and navigation to surveillance and weather forecasting, space systems underpin a wide range of vital civil and military operations, making their protection a matter of economic and national security.<\/p>\n<p>Another concern is the need for more funding or resources allocated to CISA and the sector risk management agencies (SRMAs) \u2014 which refer to those agencies designated to oversee a given critical infrastructure sector \u2014 to carry out their expanded roles and responsibilities under the new NSM. While the memorandum aims to provide an updated policy framework and better define these agencies\u2019 roles, it needs to address the critical issue of resourcing.<\/p>\n<p>Effective implementation of any policy directive hinges on adequate resources such as personnel, technological capabilities, and funding. These resources are necessary for agencies like CISA and the SRMAs to meet the heightened expectations the NSM sets, potentially undermining its overall effectiveness.<\/p>\n<p>As threats continue to evolve, the roles and resources allocated to these agencies will become even more crucial in securing their respective sectors and maintaining the overall resilience of the nation\u2019s critical infrastructure. Congress must recognize the importance of adequately funding and staffing these organizations to ensure they can effectively fulfill their mandates and accomplish their missions.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Collaboration between government agencies, the private sector, and other stakeholders will be vital in identifying and addressing potential gaps or areas for improvement. The United States can ensure its cybersecurity posture remains robust and responsive to the evolving threat landscape through continued collaboration, adaptation and a proactive approach to policy development.<\/p>\n<p>Missed opportunities aside, make no mistake: NSM-22 represents a step in the right direction. There will be opportunities to address these shortcomings and refine the nation\u2019s cybersecurity policies. We must make the next set of updates before another decade. A proactive approach is crucial and will help ensure the U.S. remains agile and responsive to emerging threats.<\/p>\n<p><strong><em>Frank Cilluffo<\/em><\/strong><em> directs the McCrary Institute for Cyber & Critical Infrastructure Security at Auburn University. He previously served as a commissioner on the U.S. Cyberspace Solarium Commission and served as a special assistant to President George W. Bush for Homeland Security. <strong>Alison King<\/strong> is the vice president of government affairs at Forescout Technologies and an OT Cyber Coalition executive member. Previously, she was a staff member of the U.S. Cyberspace Solarium Commission.<\/em><\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"0.37579617834395\">\n<div class=\"author-card\" readability=\"7\">\n<p><h4 class=\"author-card__name\">Written by Frank Cilluffo and Alison King<\/h4>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/how-to-fine-tune-the-white-houses-new-critical-infrastructure-directive\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>How to fine-tune the White House\u2019s new critical infrastructure directive<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[280,452,1967,1968,1959],"tags":[284,454,1969,1970,1960],"class_list":["post-3353","post","type-post","status-publish","format-standard","hentry","category-commentary","category-cybersecurity-and-infrastructure-security-agency-cisa","category-national-security-memorandum-22","category-nsm-22","category-ppd-21","tag-commentary","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-national-security-memorandum-22","tag-nsm-22","tag-ppd-21"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/commentary\/\" rel=\"category tag\">Commentary<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-security-memorandum-22\/\" rel=\"category tag\">National Security Memorandum 22<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nsm-22\/\" rel=\"category tag\">NSM-22<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ppd-21\/\" rel=\"category tag\">PPD-21<\/a>","tag_info":"PPD-21","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3353","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=3353"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3353\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=3353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=3353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=3353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":3353,"date":"2024-05-01T14:08:15","date_gmt":"2024-05-01T19:08:15","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=80317"},"modified":"2024-05-01T14:08:15","modified_gmt":"2024-05-01T19:08:15","slug":"how-to-fine-tune-the-white-houses-new-critical-infrastructure-directive","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/05\/01\/how-to-fine-tune-the-white-houses-new-critical-infrastructure-directive\/","title":{"rendered":"How to fine-tune the White House\u2019s new critical infrastructure directive"},"content":{"rendered":"