Dear Madam Speaker: (Dear Representative:) (Dear Senator:)
(Dear Mr. Chairman:)
I am providing this report, consistent with section 9002(b)(3) of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (Public Law 116-283) (the “Act”), as part of my efforts to keep the Congress informed of our work to secure the Nation’s critical infrastructure.
Pursuant to section 9002(b)(1)(B) of the Act, the Secretary of Homeland Security (Secretary) submitted to me in November of 2021, and subsequently provided to the appropriate congressional committees, a report assessing the current framework for securing the Nation’s critical infrastructure and providing relevant recommendations. I reviewed the Secretary’s report and did not identify any critical concerns with its findings or recommendations. The Secretary’s report incorporated feedback received through reviews led by both Department of Homeland Security and White House staff.
Recognizing the need to drive implementation of the Secretary’s recommendations across the Federal Government, my Administration will launch a process to review and revise, as appropriate, the primary United States policy for critical infrastructure, Presidential Policy Directive 21 of February 12, 2013 (Critical Infrastructure Security and Resilience). The strategic imperatives of today must address the increasing digitalization and automation of our infrastructure, efforts by our adversaries to gain footholds into our infrastructure, and the existential threat of climate change. Updated policy would strengthen the public-private partnership and provide clear guidance to executive departments and agencies (agencies) on designating certain critical infrastructure as systemically important. Moreover, it would clarify the roles, responsibilities, and services of the Sector Risk Management Agencies and the Cybersecurity and Infrastructure Security Agency (CISA) to coordinate a national effort to secure and protect against critical infrastructure risks.
I therefore accept the recommendations of the Secretary of Homeland Security and look forward to working with him to oversee the implementation of these recommendations in close coordination with relevant agencies and the private sector. Specifically, the National Security Council and the Office of the National Cyber Director staff will closely monitor and provide guidance to CISA, as appropriate, in the implementation of the action items in the Secretary’s report.
Furthermore, the events of the past 2 years highlight the need for urgent action to improve the cybersecurity of our critical infrastructure. Our Nation lacks a comprehensive way to establish mandatory minimum cybersecurity requirements across our critical infrastructure, and current approaches differ by sector. My Administration looks forward to working with the Congress to fill gaps in statutory authorities to ensure our critical infrastructure is protected from cyber attacks.
My Administration is committed to working closely with the Congress on these matters to ensure more secure and resilient infrastructure while creating good-paying jobs, strengthening small businesses, and investing in the future.
JOSEPH R. BIDEN JR.