Fuel holding tanks are pictured at Colonial Pipeline's Dorsey Junction Station in Woodbine, Maryland in May 2021, the month that a cyberattack disrupted gas supply to the eastern U.S. for several days.
Caption

Fuel holding tanks are pictured at Colonial Pipeline's Dorsey Junction Station in Woodbine, Maryland in May 2021, the month that a cyberattack disrupted gas supply to the eastern U.S. for several days. / Getty Images

President Biden just signed a national security directive aimed at boosting defenses against ransomware attacks and the hacking of critical infrastructure like energy, food, water and power systems.

The directive sets performance standards for technology and systems used by private companies in those sectors — though it can't force those companies to comply.

The memorandum follows a series of high-profile attacks on a major pipeline and the country's biggest meat supplier (those have been linked to groups operating in Russia, and Biden says he raised the issue with Russian President Vladimir Putin when they met last month).

A senior administration official, speaking on condition of anonymity, told reporters that the new standards will be voluntary.

For reference, almost 90% of the country's critical infrastructure is owned and run by the private sector, and the government has limited authority over their cybersecurity requirements.

But the official says the Biden administration may pursue legislative options, with help from Congress, to require the kind of technological improvements that would defend against such cyberattacks.

"Short of legislation, there isn't a comprehensive way to require deployment of security technologies and practices that address the threat environment that we face," they added.

For now: The government may draw up the standards, but it's up to private companies to decide whether to follow them.

This story originally appeared on the Morning Edition live blog.

Copyright 2021 NPR. To see more, visit https://www.npr.org.