White House pushes cybersecurity framework for critical infrastructure

The new document should help criticial infrastructure operators develop cybersecurity programs, officials say

A new cybersecurity framework released Wednesday by U.S. President Barack Obama's administration aims to help operators of critical infrastructure develop comprehensive cybersecurity programs.

The voluntary framework creates a consensus on what a good cybersecurity program looks like, senior administration officials said. The 41-page framework takes a risk management approach that allows organizations to adapt to "a changing cybersecurity landscape and responds to evolving and sophisticated threats in a timely manner," according to the document.

Organizations can use the framework to create a "credible" cybersecurity program if they don't already have one, said one senior Obama administration official. "The key message is that cybersecurity is not something you just put in place and walk away," the official said, in a background press briefing. "There's no prescription or magic bullet for cybersecurity. There are only well-conceived, proven ways of continuously managing the risks."

The framework, building on a presidential directive from a year ago, can help "companies prove to themselves and to their stakeholders that good cybersecurity can be the same thing as good business," the official said.

Obama called the framework, developed by the U.S. National Institute of Standards and Technology with input from businesses, a "turning point" in the national discussion about cybersecurity. "It's clear that much more work needs to be done to enhance our cybersecurity," he said in a statement. "Although the threats are serious and they constantly evolve, I believe that if we address them effectively, we can ensure that the Internet remains an engine for economic growth and a platform for the free exchange of ideas."

Administration officials said they hope the framework will drive changes in the way organizations deal with cybersecurity. After a series of high-profile data breaches in recent months, "it's time to try something new," an administration official said.

The framework should jump-start discussions about what cybersecurity measures are beneficial, a second official said. The document is an "incredibly powerful tool for enabling the kind of conversations that need to happen between CEOs and boards and between the government and industry," he said.

Adoption of the framework is voluntary, but the U.S. Department of Homeland Security has established the Critical Infrastructure Cyber Community (C3) Voluntary Program to increase awareness of the framework. The C3 Voluntary Program will connect companies, as well as federal, state and local government entities, to DHS and other federal government programs that can help them manager their risks, the White House said.

Participants will be able to share lessons learned and get free tools aimed at improving their cybersecurity programs.

Some tech trade groups praised the framework, with mobile group CTIA saying it represented a "potentially important step forward." CTIA also called on Congress to pass legislation allowing companies to more easily share cyberthreat information with each other and with the government.

Internet Security Alliance President Larry Clinton praised the framework but said more action is needed.

"In Olympic terms, today marks the end of the preliminary rounds, we are on the right track but we haven't won any gold medals for cybersecurity yet," Clinton said by email. "The most important element of the effort so far is that we have moved away from trying to impose a government centric set of mandates on industry and instead are attempting to create a program based on industry developed standards and practices where voluntary adoption is motivated by market incentives."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags U.S. White HouseregulationsecurityU.S. Department of Homeland SecurityctiagovernmentBarack ObamaU.S. National Institute of Standards and Technologydata protectionInternet Security AllianceLarry Clinton

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?