The Cybersecurity and Infrastructure Security Agency (CISA) has started identifying parts of U.S. critical infrastructure considered primary systemically important amid cybersecurity threats, CyberScoop reported Friday.
CISA Director Jen Easterly shared during a Center for Strategic and International Studies event that the agency is classifying entities “based on economic centrality, network centrality and logical dominance in the national critical functions.”
The idea of labeling systemically important critical infrastructure was first presented by the Cyberspace Solarium Commission to Congress, but lawmakers have yet to convert the proposal into law.
“Notwithstanding whether this ends up in legislation or not, and I certainly hope it does, we are already thinking through the model,” shared Easterly.
However, the official conceded that, without any legislation, CISA could not incentivize important infrastructure to meet cybersecurity standards and penalize entities failing to shore up their defenses.