Critical infrastructure cyber requirements pushed by presidential council

CyberScoop reports that mounting cybersecurity threats against critical infrastructure entities have prompted the National Infrastructure Advisory Council to advance mandatory cybersecurity standards not only for the organizations but also for tech vendors providing their systems. "For example, it is not effective to place cybersecurity compliance standards on providers of critical infrastructure without applying the same standards up the chain to those who provide operating systems providers depend upon," said the NIAC in a report, which also noted that industry input should accompany the development of standards. Aside from recommending standards consolidation within the federal government, the report has also pushed for stronger information sharing across industries and improved analysis of critical infrastructure supply chain vulnerabilities. Possible intersectoral collaborations have also been explored by NIAC, noting that the oil and natural gas and electric sectors could perform joint cyber exercises similar to the GridEx grid security exercise that involves a simulation of a major North American electric grid attack.