SIRIUS 2023 report: Navigating the new era of obtaining electronic evidence

The latest SIRIUS publication outlines the experiences of EU authorities in retrieving electronic data held by foreign-based service providers, as well as their experiences in delivering data for the purpose of criminal investigations over the past year.

The report highlights a new frontier in electronic evidence

The EU Electronic Evidence legislative package, adopted in July 2023, marks a new era in obtaining electronic evidence, as it will enable competent authorities to issue legally binding orders directly to service providers offering services within the EU, regardless of their place of establishment. This move will help address issues regarding lengthy judicial procedures to obtain data across borders, as well as legal uncertainties surrounding practices of voluntary cooperation between competent authorities and service providers.

Furthermore, other new legal instruments, such as the Second Additional Protocol to the Budapest Convention on Cybercrime will introduce novel legal bases for direct cooperation between competent authorities and private entities. The EU Digital Services Act, which introduces standardised minimum requirements for orders to provide information under EU Member States’ national laws, also provides further tools and clarity for authorities in need of obtaining data across borders.

However, challenges persist. The report highlights the need for comprehensive preparation among all stakeholders. From law enforcement's perspective, social media platforms, messaging apps, and cryptocurrency exchanges are pivotal in investigations. While formal training on electronic evidence has been provided to officers, gaps in familiarity with the new legislation remain, emphasising the need for extensive training programs.

Judicial authorities face time-consuming hurdles when accessing data from foreign service providers, urging the need for enhanced legal powers and EU-wide legislative efforts to regulate data retention for the purposes of criminal investigations and proceedings. Service providers, on the other hand, grapple with authenticating requests and resource allocation, emphasising the benefits of centralisation of requests.

A strategic roadmap to navigate this new frontier in electronic evidence

Amidst the challenges posed by advancing technology and the expanding electronic landscape, the report provides recommendations for law enforcement and judicial authorities, as well as service providers, which serve as a strategic roadmap.

By strengthening capacity and mutual trust, law enforcement and judicial authorities can successfully navigate the complexities of electronic evidence. Collaborative efforts and shared solutions will pave the way for a more secure digital environment in the EU, as well as effective and efficient prosecutions. To prepare law enforcement and judicial authorities as well as service providers to successfully pioneer this new frontier of electronic evidence, it is imperative to raise awareness and provide training on those novel legal instruments so significant to this project.

CISA and ENISA Enhance Cooperation

The European Union Agency for Cybersecurity (ENISA) has signed a Working Arrangement with the Cybersecurity and Infrastructure Security Agency (CISA) of the US, in the areas of capacity-building, best practices exchange and boosting situational awareness.

Geopolitics have shaped the cyber threat landscape, bringing like-minded partners closer together in the wake of common cyber challenges and advances in digital technologies. Today at the EU-US Cyber Dialogue, ENISA and CISA announced the signing of their Working Arrangement as an important milestone in the overall cooperation between the United States and the European Union in the field of cybersecurity, also following the Joint Statement of European Commissioner Thierry Breton and U.S. Secretary for Homeland Security Alejandro Mayorkas of January 2023.

ENISA’s International Strategy directs the Agency to be selective in engaging with international partners and to limit its overall approach in international cooperation to those areas and activities that will have high and measurable added value in achieving the Agency’s strategic objectives. CISA is a key partner to ENISA in achieving these objectives and by extension the EU in achieving a higher common level of cybersecurity. The Working Arrangement is both a consolidation of present areas of cooperation, as well as opening the door to new ones. Current examples are the organisation and promotion of the International Cybersecurity Challenge (ICC), exchanging best practices in the area of incident reporting or ad hoc information exchanges on basic cyber threats.

High Representative of the European Union for Foreign Affairs and Security Policy / Vice-President of the European Commission, Josep Borrell said: “Cyber threats have no borders. This is why international cooperation with our partners is a must. The working arrangement between ENISA and CISA is an important deliverable from the EU-US Cyber Dialogue. It will enable us to effectively combat the escalating cybersecurity threats we confront. By fostering deeper cooperation, we can facilitate information sharing, develop collaborative strategies, and bolster our collective resilience against cyberattacks.”

European Commissioner for Industry, Defence and Technology, Thierry Breton said: “Today’s challenging geopolitical context also manifests in intensified threats facing us in the cyberspace. It is essential that the EU and the United States work hand in hand to advance a secure cyberspace, including through protecting critical infrastructures and improving the security of digital products.”

Signing partners:

CISA leads the United States’ effort to understand, manage, and reduce risk to cyber and physical infrastructure. “In today’s highly complex and borderless cyber threat landscape, collaboration remains key to everything we do,” said CISA Director Jen Easterly. “CISA’s Working Arrangement with ENISA signifies a new chapter in our collective resilience. Together we will enhance cybersecurity awareness, fortify capacity building initiatives, and foster a robust environment for knowledge sharing and best practice exchanges, ensuring a safer digital landscape for our citizens.”

European Union Agency for Cybersecurity (ENISA), Executive Director, Juhan Lepassaar, said: “This new Working Arrangement is an evolution and consolidation of the effective cooperation with our US counterpart. The structured collaboration will address some of our common challenges in the cyber threat landscape.”

This arrangement is broad in nature and covers both short-term structured cooperation actions, as well as paving the way for longer-term cooperation in cybersecurity policies and implementation approaches. Cooperation will be sought in the areas of:

- Cyber Awareness & Capacity Building to enhance cyber resilience: including facilitating the participation as third country representatives in specific EU-wide cybersecurity exercises or trainings and the sharing and promotion of cyber awareness tools and programmes.

- Best practice exchange in the implementation of cyber legislation; including on key cyber legislation implementation such as the NIS Directive, incident reporting, vulnerabilities management and the approach to sectors such as telecommunications and energy.

- Knowledge and information sharing to increase common situational awareness: including a more systematic sharing of knowledge and information in relation to the cybersecurity threat landscape to increase the common situational awareness to the stakeholders and communities and in full respect of data protection requirements.

A work plan will operationalise the Working Arrangement and regular reporting at the EU-US Cyber Dialogues is foreseen.

Medical Device Cybersecurity: Agencies Need to Update Agreement to Ensure Effective Coordination

Cybersecurity vulnerabilities that threaten medical devices aren't commonly exploited but still pose risks to hospital networks—and patients, according to a federal study.

The Food and Drug Administration has primary responsibility for medical device cybersecurity. FDA formally collaborates with the Cybersecurity and Infrastructure Security Agency on security guidance for device manufacturers, public alerts about current vulnerabilities, and more.

However, the agencies' formal agreement is 5 years old. We recommended updating the agreement to improve agency coordination and clarify roles.

Medical devices, such as heart monitors, connected to a hospital network may be vulnerable to cyber threats.

According to the Department of Health and Human Services (HHS), available data on cybersecurity incidents in hospitals do not show that medical device vulnerabilities have been common exploits. Nevertheless, HHS maintains that such devices are a source of cybersecurity concern warranting significant attention and can introduce threats to hospital cybersecurity.

Non-federal entities representing health care providers, patients, and other relevant parties identified challenges in accessing federal support to address cybersecurity vulnerabilities. Entities described challenges with (1) a lack of awareness of resources or contacts and (2) difficulties understanding vulnerability communications from the federal government. Agencies are taking steps that, if implemented effectively, can meet these challenges.

Key agencies are also managing medical device cybersecurity through active coordination. Specifically, the Food and Drug Administration (FDA) and the Cybersecurity and Infrastructure Security Agency (CISA) developed an agreement addressing most leading practices for collaboration. However, this 5-year-old agreement did not address all such practices and needs to be updated to reflect organizational and procedural changes that have occurred since 2018.

FDA authority over medical device cybersecurity has recently increased. Specifically, December 2022 legislation requires medical device manufacturers to submit to FDA, among other things, their plans to monitor, identify, and address cybersecurity vulnerabilities for any new medical device that is to be introduced to consumers starting in March 2023. This legislation is limited to new devices and does not retroactively apply to those devices introduced prior to March 2023, unless the manufacturer is submitting a new marketing application for changes to the device.

FDA officials are implementing new cybersecurity authorities and have not yet identified the need for any additional authority. They can take measures to help ensure device cybersecurity under existing authorities such as monitoring health sector and CISA alerts, as well as directing manufacturers to communicate vulnerabilities to user communities and to remediate the vulnerabilities.

According to FDA guidance, if manufacturers do not remediate vulnerabilities, FDA may find the device to be in violation of federal law and subject to enforcement actions.

Cyber threats that target medical devices could delay critical patient care, reveal sensitive patient data, shut down health care operations, and necessitate costly recovery efforts. FDA is responsible for ensuring that medical devices sold in the U.S. provide reasonable assurance of safety and effectiveness.

The Consolidated Appropriations Act, 2023, includes a provision for GAO to review cybersecurity in medical devices. This report addresses the extent to which (1) relevant non-federal entities are facing challenges in accessing federal support on medical device cybersecurity, (2) federal agencies have addressed identified challenges, (3) key agencies are coordinating on medical device cybersecurity, and (4) limitations exist in agencies' authority over medical device cybersecurity.

GAO identified federal agencies with roles in medical device cybersecurity. It also selected 25 non-federal entities representing health care providers, patients, and medical device manufacturers. GAO interviewed these entities on challenges in accessing federal cybersecurity support. In addition, GAO assessed agency documentation and compared coordination efforts against leading collaboration practices; reviewed relevant legislation and guidance; and interviewed agency officials.

GAO is making recommendations to FDA and CISA to update their agreement to reflect organizational and procedural changes that have occurred. Both agencies concurred with the recommendations.

CIPRNA Announced Preliminary Conference Programme

Critical Infrastructure Protection & Resilience North America, taking place on 12th-14th March 2024 in Lake Charles, Louisiana, and co-hosted by IACIPP and Infragard Louisiana, has announced the Preliminary Conference Program for the 2024 conference and exhibition, and you can download the agenda at www.ciprna-expo.com/PSG.

The Guide provides you the outline program, excellent international expert speakers and schedule of events to help you plan your participation.

You can also register online today and save with the Early Bird delegate rates at www.ciprna-expo.com/register

Confirmed Speakers include:
– Dr David Mussington, Executive Assistant Director for Infrastructure Security, Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA)
- Brian Harrell, VP & Chief Security Officer, AVANGRID
- Michael Hill, Program Specialist, Cybersecurity and Infrastructure Security Agency
- Emilio Salabarria, Senior Program Manager for Cybersecurity, The Florida Center for Cybersecurity: Cyber Florida
- Dr. Srinivas Bhattiprolu, Global Head of Advanced Consulting Services, Nokia
- Ed Landgraf, Chairman, Coastal And Marine Operators
- Kimberly Heyne, ChemLock Program Manager, Cybersecurity and Infrastructure Security Agency (CISA)
- Dan Frazen, CO-CEM, Agriculture Emergency Coordinator (All-Hazards), Colorado Department of Agriculture
- Dr. Joshua Bergerson, Principal Infrastructure Analyst, Argonne National Laboratory
- Chris Essid, Sector Branch Chief, Cybersecurity and Infrastructure Security Agency (CISA)
- Budge Currier, Assistant Director Public Safety Communications, California Office of Emergency Services (Cal OES)
- Terrence Check, Senior Legal Council, CISA
- Rola Hariri, Defense Industrial Base Liaison, Cybersecurity and Infrastructure Security Agency (CISA)
- Lester Millet, President, Infragard Louisiana & Safety Risk Agency Manager, Port of South Louisiana
- Michael Finch, Technology Services Director, Lane County Department of Technology Services
- Richard Tenney, Senior Advisor, Cyber, Cybersecurity and Infrastructure Security Agency (CISA)
- Andrew A Bochman, Senior Grid Strategist-Defender, DOE / Idaho National Lab
- Jim Henderson, CEO, Insider Threat Defense Group

Full speaker list: www.ciprna-expo.com/speakers2024
Download Agenda: www.ciprna-expo.com/PSG
Schedule of Events/Agenda: www.ciprna-expo.com/schedule
List of Exhibitors: www.ciprna-expo.com/exhibition/exhibitors
Registration: www.ciprna-expo.com/register

Join the community in Lake Charles on 12th-14th March 2024 for some more great discussions on securing America's critical infrastructure and assets.

CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps

As part of the Secure by Design campaign, CISA has published The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take Memory Safe Coding Seriously in collaboration with the following partners:

• United States National Security Agency
• United States Federal Bureau of Investigation
• Australian Signals Directorate’s Australian Cyber Security Centre
• Canadian Centre for Cyber Security
• United Kingdom National Cyber Security Centre
• New Zealand National Cyber Security Centre
• Computer Emergency Response Team New Zealand

Malicious cyber actors routinely exploit memory safety vulnerabilities, which are common coding errors and the most prevalent type of disclosed software vulnerability. Preventing and responding to these vulnerabilities cost both software manufacturers and their customer organizations significant time and resources.

The Case for Memory Safe Roadmaps details how software manufacturers can transition to memory safe programming languages (MSLs) to eliminate memory safety vulnerabilities. The guidance provides manufacturers steps for creating and publishing memory safe roadmaps that will show their customers how they are owning security outcomes, embracing radical transparency, and taking a top-down approach to developing secure products—key Secure by Design tenets.

CISA and our partners urge C-suite and technical experts at software manufacturers to read this guidance and implement memory safe roadmaps to eliminate memory safety vulnerabilities from their product.

Enea Evolves Mobile Network Security Portfolio to Improve Resilience Amid Growing Threats

Enea consolidates its suite of network security solutions to serve the unique needs of Mobile Network Operators and CPaaS providers as the volume of messaging and signaling attacks continues to break records and threaten critical infrastructure.

Enea, a leading provider of telecom and cybersecurity solutions, has consolidated its suite of network security solutions to address the mounting challenges of mobile network security and regulatory compliance and addresses two key areas: signaling security and messaging security. The portfolio update emphasizes intelligence-driven adaptability and accuracy and comprises four solutions tailored to the critical and growing demands of Mobile Network Operators (MNOs) and Communication Platform as a Service (CPaaS) providers and aggregators, and a further solution designed for the unique requirements of national security agencies.

The four network security solutions announced today for mobile network operators, CPaaS providers, and aggregators are as follows:

- Enea Adaptive Signaling Firewall accurately detects and blocks malicious signaling traffic to protect against threats such as person location tracking, interception of calls and messages, subscriber privacy intrusions, and DoS attacks on mobile networks. It combines the multi-protocol signaling firewall with unified enhanced reporting and signaling threat intelligence, providing a uniquely comprehensive three-point defense against signaling threats to keep attackers in check.

- Enea Signaling Intelligence Layer uses aggregated and obfuscated data from a worldwide footprint of signaling firewalls, combined with qualified threat intelligence, to provide insights on global network traffic. It gives mobile network operators unrivaled, up-to-the-minute visibility of the dynamic threat landscape, which can be used to guard against evolving threats on the network.

- MNOs will also benefit from the Enea Adaptive Messaging Firewall, which detects, blocks, and protects from rapidly adapting messaging threats such as phishing and spam and protects against revenue leakage to grey routes. Mobile network operators can filter malicious and unmonetized messages using advanced technologies such as tamper-resistant fingerprinting, intelligent message categorization, and URL classification, backed with up-to-the-minute threat intelligence.

- CPaaS providers and aggregators, who transmit A2P messages from brands to mobile networks, will be able to leverage the Enea Adaptive Messaging Firewall for CPaaS to filter messages for compliance and use granular controls to prioritize message delivery and guard against rising threats such as Artificial Inflation of Traffic (AIT), which exploit communication platforms for financial gain, often at the cost of the sending brands.

All three firewall solutions are based on Enea’s latest cloud-native platform technology, which enables deployment in public or private cloud, on virtual infrastructure, or on bare-metal servers. Granular control for multi-site deployments improves resilience and manages regulatory compliance for cross-border needs. The platform uses flexible configurations, allowing swift upgrades to counter new threats. Mobile network operators typically require both messaging and signaling firewalls and therefore benefit from a unified platform for both solutions.

To ensure optimal protection, all solutions integrate extensive threat intelligence provided through a combination of Enea’s expert security analysts, machine learning, and intelligent algorithms. Both signaling and messaging security rely heavily on the actionable insights threat intelligence provides to keep defense up-to-date and ahead of threat actors, fraudsters, and scammers.

The portfolio announced today ensures the needs of different users are comprehensively addressed and separated into discrete solutions. This approach makes it easier for buyers to assess the values offered by the portfolio and will increase the speed at which Enea can bring important innovations to the market and deliver new value to its customers. This agility is vital in the context of a rapidly evolving threat landscape, when signaling-borne and message-based threats are on the rise. As far as messaging is concerned, phishing remains the number one attack vector globally. A recent survey based on a poll of 8,000 consumers identified a 70% increase in fraudulent messages. As well as the considerable damage cybercrime causes victims, fraudulent messages also erode trust in brands, negatively impacting revenue and churn, making it a growing concern for CPaaS providers and aggregators.

Signaling threats, often posed by nation-state-sponsored threat actors, have come under increased scrutiny by regulators because of their risk to privacy and national security. In a series of recent research publications, Enea has shown how mobile networks in Ukraine have been attacked through the signaling network with the aim of damaging civil and military defenses.

“As is increasingly recognized by both regulators and leading telcos, cybersecurity operations in the telecom sector needs to be increasingly threat-intelligence driven” said Patrick Donegan, Principal Analyst, HardenStance. “It’s good to see a mobile network security leader like Enea leading with this as it refreshes and repositions its portfolio.”

John Hughes, senior vice president and head of Enea’s network security business, commented, “In a zero-trust world, mobile network operators and communications services providers are under near-constant attack. Faced with the pressure to protect their networks and comply with regulations, Enea’s suite of intelligence-driven network security solutions give accurate, granular control, simplify and streamline operations, and can scale easily to match modern-day data usage trends.”

The Enea Adaptive network security solutions are today deployed in more than 90 service providers worldwide, securing services for 2.4 billion subscribers. In excess of 3 billion messages are handled by Enea’s messaging firewalls every day.

NCSC warns of enduring and significant threat to UK's critical infrastructure

The UK's cyber chief has signalled that the threat to the nation’s most critical infrastructure is ‘enduring and significant’, amid a rise of state-aligned groups, an increase in aggressive cyber activity, and ongoing geopolitical challenges.

In its latest Annual Review, published today, the National Cyber Security Centre (NCSC) – which is a part of GCHQ – warned that the UK needs to accelerate work to keep pace with the changing threat, particularly in relation to enhancing cyber resilience in the nation’s most critical sectors.

These sectors include those that provide the country with safe drinking water, electricity, communications, its transport and financial networks, and internet connectivity.

Over the past 12 months, the NCSC has observed the emergence of a new class of cyber adversary in the form of state-aligned actors, who are often sympathetic to Russia’s further invasion of Ukraine and are ideologically, rather than financially, motivated.

In May this year, the NCSC issued a joint advisory revealing details of ‘Snake’ malware, which has been a core component in Russian espionage operations carried out by Russia’s Federal Security Service (FSB) for nearly two decades.

Today, the NCSC is reiterating its warning of an enduring and significant threat posed by states and state-aligned groups to the national assets that the UK relies on for the everyday functioning of society.

More broadly, the UK government remains steadfast in its commitment to safeguarding democratic processes. Recent milestones include the implementation of digital imprint rules under the Elections Act to foster transparency in digital campaigning, fortifying defences against foreign interference through the National Security Act, and advancing online safety measures through the implementation of the Online Safety Act.

NCSC CEO Lindy Cameron said:

“The last year has seen a significant evolution in the cyber threat to the UK – not least because of Russia’s ongoing invasion of Ukraine but also from the availability and capability of emerging tech.

“As our Annual Review shows, the NCSC and our partners have supported government, the public and private sector, citizens, and organisations of all sizes across the UK to raise awareness of the cyber threats and improve our collective resilience.

“Beyond the present challenges, we are very aware of the threats on the horizon, including rapid advancements in tech and the growing market for cyber capabilities. We are committed to facing those head on and keeping the UK at the forefront of cyber security.”

CISA Announces Secure by Design Alert Series: How Vendor Decisions Can Reduce Harm at a Global Scale

CISA leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. We continuously we publish alerts and advisories to help defenders prioritize their work based on the current threats and software vulnerabilities. We additionally provide defenders with ongoing help prioritizing their scarce resources; for example, our Known Exploited Vulnerabilities (KEV) program identifies the common vulnerabilities and exposures (CVEs) that malicious actors are actively exploiting in the wild.

But to reduce the nation’s risk, we need to do more than warn defenders about the most current attacks and software vulnerabilities. We need to look much further “left-of-boom” and into the software development practices in order to fix things before intrusions cause harm to the American people. We need to identify the recurring classes of defects that software manufacturers must address by performing a root cause analysis and then making systemic changes to eliminate those classes of vulnerability. We need to spot the ways in which customers routinely miss opportunities to deploy software products with the correct settings to reduce the likelihood of compromise. Such recurring patterns should lead to improvements in the product that make secure settings the default, not stronger advice to customers in “hardening guides”.

Most importantly, we need to convey that insecure technology products are not an issue of academic concern: they are directly harming critical infrastructure, small businesses, local communities, and American families. Today CISA is launching a new series of products: Secure by Design Alerts. When we see a vulnerability or intrusion campaign that could have been reasonably avoided if the software manufacturer had aligned to secure by design principles, we’ll call it out. Our goal isn’t to cast blame on specific vendors; to the contrary, we know that vendors make software development and security choices as part of broader business decisions. Instead, our goal is to shine a light on real harm occurring due to these “anti-security” decisions. While the usual dialogue around an intrusion is about how victims could have done more to prevent or respond, alerts in this new series will invert this dialogue by focusing attention on how vendor decisions can reduce harm at a global scale.

Our first publication in the Secure by Design Alert series focuses on malicious cyber activity against web management interfaces. It brings attention to how customers would be better shielded from malicious cyber activity targeting these systems if manufacturers implemented security best practices and eliminated repeat classes of vulnerabilities in their products – and aligned their work to Secure by Design principles.

One of the core principles we identified in our Secure by Design whitepaper is to “take ownership for customer security outcomes”. By identifying the common patterns in software design and configuration that frequently lead to customer organizations being compromised, we hope to put a spotlight on areas that need urgent attention. The journey to build products that are secure by design is not simple and will take time. We hope Secure by Design Alerts will help software manufacturers evaluate their software development lifecycles and how they relate to customer security outcomes.

CISA and UK NCSC Unveil Joint Guidelines for Secure AI System Development

In a landmark collaboration, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC) are proud to announce the release of the Guidelines for Secure AI System Development. Co-sealed by 23 domestic and international cybersecurity organizations, this publication marks a significant step in addressing the intersection of artificial intelligence (AI), cybersecurity, and critical infrastructure.

The Guidelines, complementing the U.S. Voluntary Commitments on Ensuring Safe, Secure, and Trustworthy AI, provide essential recommendations for AI system development and emphasize the importance of adhering to Secure by Design principles. The approach prioritizes ownership of security outcomes for customers, embraces radical transparency and accountability, and establishes organizational structures where secure design is a top priority.

The Guidelines apply to all types of AI systems, not just frontier models. We provide suggestions and mitigations that will help data scientists, developers, managers, decision-makers, and risk owners make informed decisions about the secure design, model development, system development, deployment, and operation of their machine learning AI systems.

This document is aimed primarily at providers of AI systems, whether based on models hosted by an organization or making use of external application programming interfaces. However, we urge all stakeholders—including data scientists, developers, managers, decision-makers, and risk owners make—to read this guidance to help them make informed decisions about the design, deployment, and operation of their machine learning AI systems.

CISA leads Critical Infrastructure Security and Resilience Month

Resolve to be Resilient!

Each year, the Cybersecurity and Infrastructure Security Agency (CISA) leads the national recognition of Critical Infrastructure Security and Resilience (CISR) Month in November. This annual effort focuses on educating and engaging all levels of government, infrastructure owners and operators, and the American public about the vital role critical infrastructure plays in the nation’s wellbeing and why it is important to strengthen critical infrastructure security and resilience.

Weather is becoming more extreme, physical and cyberattacks are a persistent threat, and technology is advancing in ways that will change our future very quickly. We must prepare by accepting that it’s our responsibility to strengthen critical infrastructure and protect the vital services it provides. We can do this by embracing resiliency and building it into our preparedness planning—and then exercising those plans. The safety and security of the nation depends on the ability of critical infrastructure to prepare for and adapt to changing conditions and to withstand and recover rapidly from disruptions.

President Joe Biden issued the following statement: "Bolstering the Nation’s infrastructure is a cornerstone of my Investing in America agenda. With a combination of funding from the American Rescue Plan, Bipartisan Infrastructure Law, the Inflation Reduction Act, and the CHIPS and Science Act, we are investing billions of dollars to enhance the security of our infrastructure by elevating roads and bridges above projected flood zones, supporting community resilience programs, reducing the strain put on our power grids, and so much more. These investments will save lives, protect our families, render a strong and innovative economy, enhance our resilience to disasters, and provide peace of mind to millions of Americans.

We know that to protect our critical infrastructure we must improve our cybersecurity. From the very beginning of my Administration, we have worked tirelessly to strengthen our Nation’s cyber defenses. During my first year in office, I issued an Executive Order on Improving the Nation’s Cybersecurity, a crucial step toward defending against the increasingly malicious cyber campaigns targeting our infrastructure. My Bipartisan Infrastructure Law builds on this progress by investing $1 billion to bolster cybersecurity for State, local, Tribal, and territorial governments. I am proud to have appointed senior cybersecurity officials who are laser-focused on anticipating and responding to cyber threats and ensuring that the Federal Government leverages all of its resources to improve the cybersecurity of the Nation’s critical infrastructure. These priorities have been catalyzed by my National Cybersecurity Strategy released earlier this year, which lays out our strategy to enhance the cybersecurity and resilience of our Nation’s critical infrastructure and the American people.

While my Administration is investing to protect America’s critical infrastructure, we are also working with our international partners to build sustainable, resilient infrastructure around the globe. At the G20 Summit earlier this year, through the Partnership for Global Infrastructure and Investment, I was proud to unveil the launch of the landmark United States partnership with the European Union to develop the Trans-African Corridor. We are working with partners to connect the Democratic Republic of the Congo and Zambia to regional and global trade markets through the Port of Lobito in Angola, including by launching feasibility studies for a new greenfield rail line expansion between Zambia and Angola. This reliable and cost-effective corridor will increase efficiencies, secure regional supply chains, enhance economic unity, generate jobs, and decrease the carbon footprint in both countries. We hope to pursue opportunities to connect our initial investments across the continent to Tanzania and, ultimately, the Indian Ocean. Through quality infrastructure investments in key economic corridors like these, we are creating a better future filled with opportunity, dignity, and prosperity for everyone."

1 2 3 4 27