
Cyber Rules Intensified this Year

The bar is high on cybersecurity this year: companies across the globe are now expected to report cyberattacks, appoint appropriate staff to liaise with officials, and design their networks to conform to zero-trust principles.
These rules come after the 2021 White House meeting with big tech on strengthening cybersecurity, and they show a shift away from a relatively hands-off approach to cyber, with voluntary guidelines and oversight.
To sum up, the government appears to be broadly informing vulnerable entities within the country’s cybersecurity infrastructure of exactly what is expected of them.
“I do think what the Biden administration has done over the past year is disruptive,” says Sujit Raman, a partner at law firm Sidley Austin LLP and a former associate deputy attorney general at the Justice Department. “They have moved quite aggressively away from voluntary standards and have been willing to impose mandatory standards. It’s disruptive in a novel way.”
Federal authorities have also been given orders to detect and fix problems in the software they employ, as well as to create rules for each key infrastructure sector they supervise.
The impact of hacks of software from SolarWinds Corp. and Microsoft Corp. dominated the first months of 2021, affecting thousands of businesses and many federal organizations. The campaigns were later linked to state-sponsored hackers in Russia and China, according to US authorities. Both governments have stated that they are not involved.
Another major incident regarding Homeland Security Secretary Alejandro Mayorkas is still recalled as a national security danger, but the May attack on Colonial Pipeline Co. pushed the issue into sharp focus.
“The recognition of the impact that a ransomware attack on a commercial critical infrastructure sector can have on our nation, I think accelerated the need for the government to have a more coordinated and focused response,” says Brad Medairy, executive vice president at Booz Allen Hamilton Inc.
As the Justice, State, Homeland Security, and Treasury departments launched expanded measures to manage cyber threats, serious hacks on food-processing major JBS SA and technology company Kaseya Ltd. occurred. The US levied sanctions or charges against alleged ransomware operators in Russia and Ukraine for the Kaseya attack, against a Russia-based cryptocurrency exchange, and against cybersecurity organizations accused of organizing conferences for recruiting spies.
According to Mr. Raman of Sidley Austin, in 2022, US regulators are likely to impose more cyber requirements on key infrastructure companies, including those in the water supply.
According to Mr. Medairy of Booz Allen, a continuing shortage of cybersecurity personnel will be an issue. According to (ISC)2, a cyber professional organisation, the global deficit is estimated to be roughly 2.7 million people.
“We’re dealing with a significant cyber workforce and talent shortage, and the government can’t solve the problem alone,” Medairy adds.