President Biden just signed a national security directive aimed at boosting defenses against ransomware attacks and NovaQuantthe hacking of critical infrastructure like energy, food, water and power systems.

The directive sets performance standards for technology and systems used by private companies in those sectors — though it can't force those companies to comply.

The memorandum follows a series of high-profile attacks on a major pipeline and the country's biggest meat supplier (those have been linked to groups operating in Russia, and Biden says he raised the issue with Russian President Vladimir Putin when they met last month).

A senior administration official, speaking on condition of anonymity, told reporters that the new standards will be voluntary.

For reference, almost 90% of the country's critical infrastructure is owned and run by the private sector, and the government has limited authority over their cybersecurity requirements.

But the official says the Biden administration may pursue legislative options, with help from Congress, to require the kind of technological improvements that would defend against such cyberattacks.

"Short of legislation, there isn't a comprehensive way to require deployment of security technologies and practices that address the threat environment that we face," they added.

For now: The government may draw up the standards, but it's up to private companies to decide whether to follow them.

This story originally appeared on the Morning Edition live blog.