Monday, November 18, 2013

NIST cybersecurity framework development continues

NIST, the National Institute of Standards and Technology, held its fifth public workshop last week in Raleigh, North Carolina, on a comprehensive cybersecurity framework mandated in a February 2012 executive order.

The framework is designed to improve cybersecurity across sixteen critical infrastructure industries and builds up from a basic core of functions structured around Identify, Protect, Detect, Respond and Recover. From there, the framework gets more specific in categories, subcategories and finally informative references, which are standards, guidelines and practices common among critical infrastructure sectors that illustrate how to meet the guidelines in each category.

The preliminary framework defines "critical infrastructure" as:
“systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

The most recent workshop solicited more feedback from a diverse group of cybersecurity specialists, lawyers, federal employees and policymakers, and provided guidance on what lies ahead as the framework moves from development to application.

A common concern expressed by industry experts about the framework is how much of a challenge it will be for small and medium-sized businesses to implement.

"There are twenty-two categories and ninety-seven subcategories. That's a lot for small and medium-sized businesses," said Cox Communications CISO Phil Agcaoili during a panel discussion at the workshop. 

Uplogix is a part of securing critical network infrastructure. From maintaining and enforcing AAA (authentication, authorization and accounting) regardless of the state of the network, to eliminating modem security issues by "dialing out" instead of accepting inbound requests, Uplogix provides a secure platform for device administration.

In the Recover function described in the NIST framework, Uplogix provides detailed audit and compliance reporting, so you will always be able to know who did what, and with what effect, to your critical network and communications devices.