Companies are expected to face stricter cybersecurity rules in 2022 as ransomware attacks and other cyber hacks against U.S. government agencies, critical infrastructure and private firms pushed the current administration to introduce aggressive cyber policies, WSJ Pro Cybersecurity reported Monday.
“I do think what the Biden administration has done over the past year is disruptive,” said Sujit Raman, a partner at law firm Sidley Austin.
“They have moved quite aggressively away from voluntary standards and have been willing to impose mandatory standards. It’s disruptive in a novel way,” added Raman, a former associate deputy attorney general at the Department of Justice.
The government has directed companies in some sectors to comply with zero trust principles in designing their networks, designate personnel to communicate with officials and report cyberattacks.
The current administration has also ordered federal agencies to identify and address gaps in software and come up with guidelines for every critical infrastructure sector they manage.
Agencies like the Transportation Security Administration have issued standards directing pipeline operators to improve their cybersecurity and perform audits.
Raman said U.S. officials are likely to introduce more cyber requirements for water supply system operators and other critical infrastructure companies in 2022.
