National Cyber Director Harry Coker said in remarks on Wednesday that the growing threat posed by Chinese hacking groups is leading the Biden administration to step up its work to protect U.S. critical infrastructure from malicious hackers.
Coker said the Chinese have prompted the White House to intensify its focus on the operational technology supporting the nation’s grid, water, and other essential services. Coker cautioned that he doubts the American public is fully aware of the potential “magnitude” of a successful attack.
“Our cyberspace is growing in complexity, it’s more interconnected than ever before, and it’s increasingly defined by competition,” Coker said at an event Wednesday hosted by the McCrary Institute at Auburn University. “Aspiring just to manage the worst effects of cyber incidents is insufficient.”
Coker’s concerns mirror warnings from the past year from Biden administration officials about the digital threats to critical infrastructure sectors like energy, water and health care. Those warnings have been driven by what have been described by officials as the widespread infiltration of U.S. critical infrastructure by the hacking group known as Volt Typhoon, whose activities are believed to be laying the groundwork for disruptive attacks in the event of conflict between the United States and China.
Coker said that while he believes the U.S. has vastly improved its cyber defense posture, there are still improvements to be made. “It’s clear that a reactive posture cannot keep pace with fast-evolving cyber threats in a dynamic technology landscape. It’s also clear that just managing the worst effects of cyber incidents is no longer sufficient to ensure our national security, our economic prosperity and our democratic values,” Coker said.
On the heels of highly disruptive cyberattacks on the U.S. health care system in recent months, Coker said the administration, via the Department of Health and Human Services, is working to develop baseline cybersecurity standards for hospitals. He also said the administration is working with Congress to deliver aid for cybersecurity investments to small, rural, and critical access care facilities.
Coker added that the Environmental Protection Agency plans to provide more technical assistance to public water systems; the EPA on Monday announced an increase in inspections of the cybersecurity of water systems at a time when they are increasingly under attack and lack basic protections. The U.S. Department of Agriculture, meanwhile, plans to use its rural water circuit rider program to add cybersecurity offerings for some utilities.
In recent months, the Biden administration has rolled out a series of initiatives aimed at bolstering the cybersecurity of critical systems, including an April update to a key critical infrastructure presidential policy that codifies the nation’s approach to securing the most sensitive networks.
In February, President Joe Biden signed an executive order that gave the Coast Guard additional authority to protect maritime ports from malicious hackers.
Coker said that resilience has also been a focus of the administration. “We need to operate through some of the cyber threats that will persist and being prepared is a way to do that,” Coker said.
In his remarks on Wednesday, Coker touted these initiatives as evidence of the progress the administration has made on cybersecurity issues, but evaluating their impact remains difficult. A Government Accountability Office report from February noted that the administration’s cybersecurity plans lack performance measures that the watchdog says are essential for a national strategy.