US Government Unveils 'Cybersecurity Framework'
The White House released Wednesday a new comprehensive cybersecurity framework aimed at strengthening the infrastructure of big data firms against cyber attacks and increasing communication about vital information concerning the cyber attacks.
The 39-page plan, titled "Framework for Improving Critical Infrastructure Cybersecurity," is a road map for talking about cybersecurity. The Obama administration recently vocalized its desire to have big firms communicate in a speedier and more articulate manner concerning cyber threats.
The Cybersecurity Framework is made up of three main components: the Framework Core, Profiles, and Tiers. According to a White House press release:
- The Framework Core is a set of cybersecurity activities and informative references that are common across critical infrastructure sectors. The cybersecurity activities are grouped by five functions -- Identify, Protect, Detect, Respond, Recover -- that provide a high-level view of an organization's management of cyber risks.
- The Profiles can help organizations align their cybersecurity activities with business requirements, risk tolerances, and resources. Companies can use the Profiles to understand their current cybersecurity state, support prioritization, and to measure progress towards a target state.
- The Tiers provide a mechanism for organizations to view their approach and processes for managing cyber risk. The Tiers range from Partial (Tier 1) to Adaptive (Tier 4) and describe an increasing degree of rigor in risk management practices, the extent to which cybersecurity risk management is informed by business needs, and its integration into an organization's overall risk management practices.
Spearheaded by the Department of Commerce's National Institute of Standards and Technology, the Framework is the result of one year of data gathering after President Obama issued Executive Order 13636, "Improving Critical Infrastructure Cybersecurity," on Feb. 12, 2013.
"The Cybersecurity Framework shall provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk. The Cybersecurity Framework shall focus on identifying cross-sector security standards and guidelines applicable to critical infrastructure," reads section 7b of the Executive Order.
Taking part in the Cybersecurity Framework is not required, but the Department of Homeland Security has set up a Critical Infrastructure Cyber Community (C3) Voluntary Program to increase awareness and use of the Cybersecurity Framework.
It was just earlier in February that Acting Assistant Attorney General Mythili Raman said the Obama administration strongly desires regulation that would require firms to quickly and accurately report electronic identity thefts to the public.
"Businesses should be required to provide prompt notice to consumers in the wake of a breach," Raman said. "American consumers should know when they are at risk of identity theft or other harms because of a data security breach."
The remarks came before a Senate Judiciary Committee and executives from retailers Target and Neiman Marcus, two stores that were the victims of cyber identity theft in 2013.
One such proposed solution for retailers is the adoption of EMV technology, a chip that makes it harder for thieves to counterfeit and access personal data.