Administration of Joseph R. Biden, Jr., 2022

November 7, 2022

Dear Madam Speaker: (Dear Representative:) (Dear Senator:) (Dear Mr. Chairman:)

I am providing this report, consistent with section 9002(b)(3) of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (Public Law 116â283) (the "Act"), as part of my efforts to keep the Congress informed of our work to secure the Nation's critical infrastructure.

Pursuant to section 9002(b)(1)(B) of the Act, the Secretary of Homeland Security (Secretary) submitted to me in November of 2021, and subsequently provided to the appropriate congressional committees, a report assessing the current framework for securing the Nation's critical infrastructure and providing relevant recommendations. I reviewed the Secretary's report and did not identify any critical concerns with its findings or recommendations. The Secretary's report incorporated feedback received through reviews led by both Department of Homeland Security and White House staff.

Recognizing the need to drive implementation of the Secretary's recommendations across the Federal Government, my Administration will launch a process to review and revise, as appropriate, the primary United States policy for critical infrastructure, Presidential Policy Directive 21 of February 12, 2013 (Critical Infrastructure Security and Resilience). The strategic imperatives of today must address the increasing digitalization and automation of our infrastructure, efforts by our adversaries to gain footholds into our infrastructure, and the existential threat of climate change. Updated policy would strengthen the public-private partnership and provide clear guidance to executive departments and agencies (agencies) on designating certain critical infrastructure as systemically important. Moreover, it would clarify the roles, responsibilities, and services of the Sector Risk Management Agencies and the Cybersecurity and Infrastructure Security Agency (CISA) to coordinate a national effort to secure and protect against critical infrastructure risks.

I therefore accept the recommendations of the Secretary of Homeland Security and look forward to working with him to oversee the implementation of these recommendations in close coordination with relevant agencies and the private sector. Specifically, the National Security Council and the Office of the National Cyber Director staff will closely monitor and provide guidance to CISA, as appropriate, in the implementation of the action items in the Secretary's report.

Furthermore, the events of the past 2 years highlight the need for urgent action to improve the cybersecurity of our critical infrastructure. Our Nation lacks a comprehensive way to establish mandatory minimum cybersecurity requirements across our critical infrastructure, and current approaches differ by sector. My Administration looks forward to working with the Congress to fill gaps in statutory authorities to ensure our critical infrastructure is protected from cyber attacks.

My Administration is committed to working closely with the Congress on these matters to ensure more secure and resilient infrastructure while creating good-paying jobs, strengthening small businesses, and investing in the future.

Sincerely,

Joseph R. Biden Jr.

NOTE: Identical letters were sent to Speaker of the House of Representatives Nancy Pelosi; House Minority Leader Kevin O. McCarthy; Senate Majority Leader Charles E. Schumer and Minority Leader A. Mitchell McConnell; John F. Reed, chairman, and James M. Inhofe, ranking member, Senate Committee on Armed Services; Gary C. Peters, chairman, and Robert J. Portman, ranking member, Senate Committee on Homeland Security and Governmental Affairs; D. Adam Smith, chairman, and Michael D. Rogers, ranking member, House Committee on Armed Services; and Bennie G. Thompson, chairman, and Ritchie J. Torres, ranking member, House Committee on Homeland Security. An original was not available for verification of the content of this letter.

Categories: Communications to Congress : U.S. critical infrastructure, letter transmitting report.

Subjects: Defense and national security : Cybersecurity :: Cyber attacks; Defense and national security : Cybersecurity :: Strengthening efforts; Environment : Climate change; Homeland Security, Department of : Secretary; Infrastructure, national improvement efforts.

DCPD Number: DCPD202201010.