A day before another winter storm shut down Washington DC with up to a foot of snow, the National Institute of Standards and Technology released the first version of a long-awaited cybersecurity framework. The report follows several recent cyber-attacks that compromised more than 100 million customer records from major retailers.
The framework was billed in a statement from President Barack Obama as a "turning point" in a nationwide discussion about cybersecurity. During the Framework announcement, a senior administration official said:
“One of the biggest cybersecurity issues facing critical infrastructure companies in all of these sectors — transportation, financial, health care, communications, energy — is simply this: When are you doing enough? When do you know you’ve done the best you can to protect your company, your suppliers, your customers from the adverse effects of cybersecurity threats?”
The framework is a three-part, risk-based approach to managing cybersecurity risk. The first part, the Framework Core, is a set of functions (Identify, Protect, Detect, Respond, and Recover) that provide a high-level strategic view of an organization's cybersecurity management.
Framework Implementation Tiers describe the degree to which an organization is prepared to manage cybersecurity risk, ranging from Partial (Tier 1) to Adaptive (Tier 4). The tiers represent increasing levels of preparedness, from informal, reactive responses to agile, risk-informed approaches.
Finally, Framework Profiles provide a snapshot of where an organization currently stands, alongside a target profile, based on business drivers and risk assessments, of what the organization needs to implement.
The report opens by stating, "Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the Nation’s security, economy, and public safety and health at risk." Hopefully the nationwide discussion inspired by the NIST framework will help ensure that the only infrastructure shutdowns in Washington (and the nation) will be from winter storms.