The United States government has released its first-ever Cybersecurity Framework, which encourages information technology companies, communications firms, and other critical-infrastructure organizations to beef up cybersecurity.
The Framework, released Wednesday, is based on Executive Order 13636 issued by President Barack Obama on Feb. 12, 2013, calling for toughened defenses against cyber threats. The National Institute of Standards and Technology (NIST) was directed by the president to collaborate with concerned sectors to come up with the framework based on existing practices, guidelines, and standards to lower cyber threat risks.
"Through the development of this Framework, industry and government are strengthening the security and resiliency of critical infrastructure in a model of public-private cooperation. Over the past year, individuals and organizations throughout the country and across the globe have provided their thoughts on the kinds of standards, best practices, and guidelines that would meaningfully improve critical infrastructure cybersecurity," the White House stated in a press release.
The Cybersecurity Framework serves as a road map for organizations that need to protect their systems but do not know where to start. It also serves as a guide for firms that already have advanced systems security but want to further improve their defenses.
The 39-page Framework points out that business drivers should guide organizations in assessing cybersecurity risks and activities.
"The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization's risk management processes. The Framework consists of three parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers," the document read.
The Core consists of informative references and sets of activities that can help organizations identify, detect, and respond to cyber risks or attacks. It also serves as a guide for critical infrastructure companies to recover in case of an attack.
The Profiles section of the Framework details the standards against which companies can compare their current state of cybersecurity provisions and see what should be done to reach an ideal or target state that thwarts possible threats.
The Tiers portion of the document points to the different levels of risk management practices, depending on one's business needs.
"While I believe today's Framework marks a turning point, it's clear that much more work needs to be done to enhance our cybersecurity. America's economic prosperity, national security, and our individual liberties depend on our commitment to securing cyberspace and maintaining an open, interoperable, secure, and reliable Internet. Our critical infrastructure continues to be at risk from threats in cyberspace, and our economy is harmed by the theft of our intellectual property," said President Obama.
"Although the threats are serious and they constantly evolve, I believe that if we address them effectively, we can ensure that the Internet remains an engine for economic growth and a platform for the free exchange of ideas. I again urge Congress to move forward on cybersecurity legislation that both protects our nation and our privacy and civil liberties. Meanwhile, my Administration will continue to take action, under existing authorities, to protect our nation from this threat," he added.
While the program may not be the best fix, the public-private partnership will allow participants to share what works and what does not, seek assistance, and have access to resources to better protect their brands and customers.
Since the last quarter of 2013, major hacking incidents have occurred. These include the credit data hack that affected millions of Target customers, the OpenSSL Project attack, and, most recently, the unmasked Careto malware, allegedly created by Spanish-speaking authors, which has been targeting governments, embassies, corporations, and individuals across the globe.