The White House released a statement on improving cybersecurity for critical infrastructure control systems. That’ll really show those Russians we mean business!

It’s better than nothing and the goals are laudable, but until some real regulations are established to enforce application of standards, the “sector-specific critical infrastructure performance goals” will continue to be unmet. Some stiff penalties for failing to meet the standards could make a difference.

More importantly than the penalites which corporations often treat as a cost of doing business, it might engender a change in attitude much like the safety cultures now present in most manufacturing environments. A real security culture is what it will take to establish solid cybersecurity in critical industries.