Presidential Policy 16 Amendments Would Highlight Federal Agencies’ Roles in Protecting Critical Infrastructure

A National Security Council official said amendments to a presidential policy directive will focus on how critical infrastructure sector operators and federal agencies work with each other.

Jonathan Murhpy, director of critical infrastructure cybersecurity at the NSC, said changes to Presidential Policy Directive 16 will highlight how federal agencies interact with the 16 sectors identified as critical infrastructure and would ensure that risk management agencies that oversee such sectors would create and execute a cybersecurity vision. The amendments will also emphasize CISA’s increasing role in mitigating threats.

Presidential Policy Directive 16 is an Obama-era policy for the U.S. critical infrastructure sectors. Created without much attention to ransomware and other cyberthreats, it was also formed five years before CISA’s conception, CyberScoop reported Thursday.

Murphy’s comments follow a Department of Homeland Security warning in September that malicious actors are using artificial intelligence to execute cyberattacks against critical infrastructure operators.

According to the DHS Homeland Threat Assessment report, state-supported hackers use AI to develop more sophisticated tools and techniques designed to affect key sectors, including energy, transportation, health care, and oil and gas. The report was released months after CISA’s Cybersecurity Advisory Committee looked at ways to enhance infrastructure security through information exchange, data analysis and other means.