National Security Memorandum on Improving
Cybersecurity for Critical Infrastructure
Control Systems
whitehouse.gov/briefing-room/statements-releases/2021/07/28/national-security-memorandum-on-improvingcybersecurity-for-critical-infrastructure-control-systems
July 28, 2021
Protection of our Nation’s critical infrastructure is a responsibility of the government at
the Federal, State, local, Tribal, and territorial levels and of the owners and operators of
that infrastructure. The cybersecurity threats posed to the systems that control and
operate the critical infrastructure on which we all depend are among the most significant
and growing issues confronting our Nation. The degradation, destruction, or malfunction
of systems that control this infrastructure could cause significant harm to the national
and economic security of the United States.
Section 1.Policy. It is the policy of my Administration to safeguard the critical
infrastructure of the Nation, with a particular focus on the cybersecurity and resilience of
systems supporting National Critical Functions, defined as the functions of Government
and the private sector so vital to the United States that their disruption, corruption, or
dysfunction would have a debilitating effect on national security, economic security,
public health or safety, or any combination thereof.
Sec. 2.Industrial Control Systems Cybersecurity Initiative. Accordingly, I have
established an Industrial Control Systems Cybersecurity Initiative (Initiative), a
voluntary, collaborative effort between the Federal Government and the critical
infrastructure community to significantly improve the cybersecurity of these critical
systems. The primary objective of this Initiative is to defend the United States’ critical
infrastructure by encouraging and facilitating deployment of technologies and systems
that provide threat visibility, indications, detection, and warnings, and that facilitate
response capabilities for cybersecurity in essential control system and operational
technology networks. The goal of the Initiative is to greatly expand deployment of these
technologies across priority critical infrastructure.
Sec. 3.Furthering the Industrial Control Systems Cybersecurity Initiative. The Initiative
creates a path for Government and industry to collaborate to take immediate action,
within their respective spheres of control, to address these serious threats. The Initiative
builds on, expands, and accelerates ongoing cybersecurity efforts in critical infrastructure
sectors and is an important step in addressing these threats. We cannot address threats
we cannot see; therefore, deploying systems and technologies that can monitor control
systems to detect malicious activity and facilitate response actions to cyber threats is
1/3