White House pushes cybersecurity framework for critical infrastructure article tells that U.S. President Barack Obama’s administration has releases a new cybersecurity framework. It aims to help operators of critical infrastructure develop comprehensive cybersecurity programs. It tries to drive changes in the way organizations deal with cybersecurity, which is not always in good shape based constant flow of hacking news and series of high-profile data breaches in recent months.
The voluntary framework tries to create a consensus on what a good cybersecurity program looks like. The 41-page framework document takes a risk management approach, which at a quick view seem to make sense. The document is one step trying to improve the cybersecurity in USA, but everybody else that deal with cybersecurity issues are free to learn from it as well.
The Framework clearly admists that is not a one-size-fits-all approach to managing cyber security risk for critical infrastructure, because there is no such thing: Organizations will continue to have unique risks and different risk tolerances. Those differences will affect how they implement the practices. If you are interested in cybersecurity, check out Framework for Improving Critical Infrastructure Cybersecurity Version 1.0 document yourself.
If you are working with critical infrastructure issues, check also my SCADA security related postings on this blog.
1 Comment
Tomi Engdahl says:
Improving Critical Infrastructure Cybersecurity: An explanation of the NIST framework
http://www.controleng.com/single-article/improving-critical-infrastructure-cybersecurity-an-explanation-of-the-nist-framework/239e83b34167516b19e845142e0898ad.html
The policy creates a framework to reduce cybersecurity risks by sharing threat information.