White House Announces Voluntary Cybersecurity Framework By Cheryl
White House Announces
Voluntary Cybersecurity Framework
By Cheryl Pellerin, American
Forces Press Service.
Washington D.C. – February 13, 2014 – (AFPS)
– The Obama administration has released a voluntary framework developed by
hundreds of companies, several federal agencies and many international
contributors as a how-to cybersecurity guide for organizations in the business
of running the nation’s critical infrastructure.
Such assets include facilities for generating and
transmitting electricity, producing and distributing oil and gas, and for
managing telecommunications, drinking and waste water, agriculture, food
production, heating, public health, transportation and financial and security
“Cyber threats pose one the gravest national security dangers
that the United States faces,” President Barack Obama said yesterday in a
statement released by the White House.
The framework is a key deliverable from the president’s Executive Order on
Improving Critical Infrastructure Cybersecurity, announced in his 2013 State of
the Union address.
“To better defend our nation against this systemic
challenge,” he said, “one year ago I signed an executive order directing the
administration to take steps to improve information sharing with the private
sector, raise the level of cybersecurity across our critical infrastructure, and
enhance privacy and civil liberties.”
Scientists and engineers at the National Institute of
Standards and Technology have since worked with the private sector to develop a
framework that highlights best practices and globally recognized standards for
managing cyber risk to critical infrastructure.
“This voluntary framework is a great example of how the
private sector and government can and should work together to meet this shared
challenge,” the president said.
For organizations that don’t know where to start in improving
cybersecurity, the framework provides a roadmap. For those with more advanced
cybersecurity capability, it offers a way to better communicate with their chief
executives and their suppliers about managing cyber risks, according to a
framework fact sheet. International organizations also can use the framework to
support their cybersecurity efforts.
The framework has three components -- the framework core,
profiles and tiers.
The core is a set of cybersecurity activities and references
that are common across critical-infrastructure sectors. They cover identifying,
protecting, detecting, responding to and recovering from cyber intrusions, and
they give an organization a high-level view of its cyber-risk management.
Profiles can help an organization align its cybersecurity
activities with business requirements, risk tolerances and resources, and tiers
allow an organization to view its approach to and processes for managing cyber
The framework also offers guidance on privacy and civil
liberties considerations arising from cybersecurity activities.
The Department of Homeland Security has established the
Critical Infrastructure Cyber Community, or C3, Voluntary Program as a
public-private partnership to boost framework use.
The program connects companies and federal, state, local,
tribal and territorial partners to DHS and other federal government programs and
resources for helping manage their cyber risks.
Participants will be able to share lessons learned, get help
and learn about free tools and resources.
Obama said he believes the framework marks a turning point
but more work must be done to enhance the nation’s cybersecurity.
“America’s economic prosperity, national security and our
individual liberties depend on our commitment to securing cyberspace and
maintaining an open, interoperable, secure and reliable Internet,” the president
“Our critical infrastructure continues to be at risk from
threats in cyberspace and our economy is harmed by the theft of our intellectual
property,” he said, adding that he believes addressing the challenges
effectively will ensure that the Internet remains an engine for economic growth
and a platform for the free exchange of ideas.
Obama also urged Congress to move forward on cybersecurity
legislation that protects the nation and the privacy and civil liberties of U.S.
(Follow Cheryl Pellerin on Twitter: @PellerinAFPS)