Cybersecurity framework to protect U.S. critical infrastructure
On February 12, the National Institute of Standards and Technology released the Framework for Improving Critical Infrastructure Cybersecurity. The framework was developed by hundreds of companies, several federal agencies, and many international contributors as a how-to cybersecurity guide for organizations in the business of running the nation’s critical infrastructure, which includes facilities that generate and transmit electricity, as well as those that manage telecommunications, drinking and waste water, food production, and public health, among others.
The framework is a key deliverable from President Obama’s 2013 Executive Order on Improving Critical Infrastructure Cybersecurity, and is described by the president as “a great example of how the private sector and government can and should work together to meet this shared challenge.” The framework provides a roadmap to improving cybersecurity as well as a way to better communicate with chief executives and suppliers about managing cyber risks.
The framework has three components — the framework core, profiles, and tiers. The core is a set of cybersecurity activities and references that are common across critical infrastructure sectors; the profiles can help an organization align its cybersecurity activities with business requirements, risk tolerances and resources; and the tiers allow an organization to view its approach to and processes for managing cyber risk.
Also, in an effort to boost framework use, the Department of Homeland Security (DHS) has established the Critical Infrastructure Cyber Community, or C3 (C-Cubed), Voluntary Program, a public-private partnership that connects companies and federal, state, local, tribal and territorial partners to DHS and other federal government programs and resources for help managing their cyber risks.
For more information on this topic, please follow the links below.
Framework for Improving Critical Infrastructure Cybersecurity, National Institute of Standards and Technology
White House Announces Cybersecurity Framework, American Forces Press Service
DHS Launches the C3 Voluntary Program, A Public-Private Partnership to Strengthen Critical Infrastructure Cybersecurity, Department of Homeland Security