The federal government will soon give private companies associated with the nation’s critical infrastructure rules to follow to protect themselves from hackers in cyberspace.
In response to an executive order signed by President Obama in February, the National Institute of Standards and Technology (NIST) recently unveiled its “Preliminary Cybersecurity Framework” for review.
The preliminary framework’s core provides standards and best practices to enable organizations to identify, protect, detect, respond, and recover from cybersecurity risk, states NIST.
The current version is being released for public comment. The next version of the framework is expected to be completed by February 2014.
Concern from privacy advocates over legislative and executive branch efforts to reform how businesses protect themselves in cyberspace has led to many starts and stops on Capitol Hill when lawmakers have attempted to address America’s cybersecurity concerns.
Even NIST’s proposed framework notes that industry standards and best practices for identifying and mitigating the impact of cybersecurity activities on privacy and civil liberties are few.
In addition, technologists have expressed their own concerns that the slow bureaucratic machinery of Washington could actually endanger companies combating threats attacking at the speed of light.
A July 2012 report from the Government Accountability Office found that utility companies were having difficulty focusing on building up effective cybersecurity capabilities because their resources were diverted towards regulatory compliance.
This same concern was expressed by House Homeland Security Committee Chairman Michael McCaul after Obama announced his cybersecurity executive order in February.
While the federal government is under attack from nation-states looking to steal national security secrets, the U.S. private sector has been a cyber espionage target of nations and organizations seeking to benefit from proprietary intellectual property.
A solution popular with both the government and the private sector focuses on giving the companies under attack the tools they need to respond to threats.
The financial industry, for example, will finish up another round of drilling against cyber attacks on Thursday.
A recent study sponsored by SAS found that banks lacked the proper capabilities to adequately respond to cyber threats.
The electric power industry is scheduled to conduct its own two-day drill in November, simulating the effects of a continent-wide cyberattack on the power grid.