Concern, Protection Shifts to Critical Infrastructure Cybersecurity

August 13, 2013

The NIST Cybersecurity Framework integrates policies, procedures, staff and technology investments into a total approach to manage risks at critical infrastructure including utilities. Logo art courtesy NIST

While attention was on potential physical attacks on utilities and other critical infrastructure sites, a growing number of troubling incidents involving computer networks and attackers acting alone and through friendly and not-so-friendly nations has shifted attention to cybersecurity issues.

So, as part of its efforts to develop a voluntary framework to improve cybersecurity in the nation's critical infrastructure, the National Institute of Standards and Technology (NIST) in early July posted a draft outline of the framework document while inviting public review and comments.

The Presidential Executive Order calling for NIST to develop the framework directs the agency to collaborate with the public and private sectors. The outline already reflects input received in response to comments, discussions at two workshops and other forms of stakeholder engagement.

The outline proposes a core structure for the framework and includes a user's guide and an executive overview that describes the purpose, need and application of the framework in business. Reflecting received comments that emphasized the importance of executive involvement in managing cyber risks, the framework is designed to help business leaders and their security executives evaluate how prepared their organizations are to deal with cyber threats and their impacts.

"We are pleased that many private sector organizations have put significant time and resources into the framework development process," says Adam Sedgewick, senior information technology policy advisor at NIST. "We believe that both large and small organizations will be able use the final framework to reduce cyber risks to critical infrastructure by aligning and integrating cybersecurity-related policies and plans, functions and investments into their overall risk management."

NIST also released a draft compendium of informative references composed of existing standards, practices and guidelines to reduce cyber risks to critical infrastructure industries. This material aims at fostering discussion at upcoming workshops and encouraging private-sector input before NIST publishes the official draft Cybersecurity Framework for public comment in October 2013.

The draft outline and other documents related to the Cybersecurity Framework are available at http://www.nist.gov/itl/cyberframework.cfm.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

Organizations rely on application innovation, particularly API-driven applications, to fuel their business transformation and growth. Attackers know this and are constantly looking for ways to find the unfindable and break the unbreakable. They’ve got tools, motivation, and time on their side.

Poll

Comparison Metrics

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Concern, Protection Shifts to Critical Infrastructure Cybersecurity

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Concern, Protection Shifts to Critical Infrastructure Cybersecurity

Related Articles

Related Products

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.