On the same day outgoing President Joe Biden met with President-elect Donald Trump to discuss the transition between them, a top White House cyber official made some recommendations for early cyber priorities for the incoming administration.

In its first 100 days, the Trump administration should build a framework for minimum cybersecurity standards for critical infrastructure companies, establish cybersecurity grants for those in need and deepen international partnerships, said Anne Neuberger, Biden’s deputy national security adviser  for cyber and emerging technology.

Neuberger offered those suggestions at an event Wednesday hosted by the Columbia University School of International and Public Affairs in what she called the bipartisan tradition of cybersecurity, having received “the baton” from the prior administrations and passing it on in a world of threats heavily dominated by China, ransomware and artificial intelligence.

“As we think about what the administration has done in each of those areas, we’ve learned a lot about what’s worked, what hasn’t worked,” she said, and the idea is to share “what we learned on both sides.”

There’s some indication of bipartisan continuity ahead on the issue of minimum cybersecurity standards, the lone topic in the 2024 Republican platform referencing cyber.

“We must have minimum regulations across critical infrastructure, because if our pipelines and our ports leave their digital doors and windows open, then it’s too easy,” Neuberger said.

One lesson learned that Neuberger pointed to  is that in the aftermath of the 2021 Colonial Pipeline hack, the administration shouldn’t have exerted its emergency authority to issue pipeline cybersecurity regulations before consulting industry. “Lesson No. 1: That wasn’t a good idea,” she said. Subsequent rules have brought in industry on the front end, she said.

It’s also important to measure compliance with those regulations, she said. Under the first inspections required by the pipeline rules in October of last year, 53% of the critical pipelines met the standards, Neuberger said, compared to 100% as of the end of this October. She also noted that rules for rail and aviation, rolled out later than the pipeline rules, jumped from 21% to 68% for rail over the same time frame, and from 0% to 57% for aviation.

How to go forward with future cyber regulations is unsettled, however, because of a Supreme Court ruling this year that overturned the so-called Chevron doctrine about the leeway agencies have to regulate.

“Certainly Chevron represents a challenge to cybersecurity regulations,” Neuberger said. “We believe that the regulations we’ve done are very true both to the letter of the law and the spirit, in that as new technologies were adopted in those sectors, the safety regulations evolve.”

Neuberger said the incoming administration should also focus on grant programs to help smaller government entities detect threats — a recommendation that could prove difficult under Trump’s reported nominee to lead the Homeland Security Department. And it should expand on partnerships like those of the Counter Ransomware Initiative to pressure Russia over its ransomware gangs, and even have more interactions with nations like China to apply pressure over illicit cyber activity, she said.

The post Trump administration should focus on cyber rules, grants and international partnerships, Biden official says appeared first on CyberScoop.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

NSA Launches Guidance for Secure AI Deployment

April 22, 2024 0 Comments 0 tags

The new document is the first release from NSA’s Artificial Intelligence Security Center (AISC), in partnership with other government agencies in the US and other Five Eyes countries

Friday Squid Blogging: 1994 Lair of Squid Game

July 13, 2024 0 Comments 0 tags

I didn’t know: In 1994, Hewlett-Packard released a miracle machine: the HP 200LX pocket-size PC. In the depths of the device, among the MS-DOS productivity apps built into its fixed

OpenAI bans accounts linked to ‘covert Iranian influence operation’

August 16, 2024 0 Comments 0 tags

OpenAI identified and banned a cluster of accounts this week that the company said Friday were part of a “covert Iranian influence operation” that generated content related to a variety