14 DAY TRIAL // The United States National Institute of Standards and Technology (NIST) has published a Preliminary Cybersecurity Framework designed to help the owners and operators of critical infrastructure in protecting their systems against cyberattacks.
A 45-day public comment period will be opened for the preliminary framework that aims to reduce cybersecurity risks in sectors such as telecommunications, power generation and transportation. The final version of the framework will be released by NIST in February 2014.
The framework for the protection of critical infrastructure is one of the objectives outlined in the executive order signed by US President Barack Obama in February 2013.
NIST has developed the framework based on information from over 3,000 individuals and organizations.
“Thanks to a tremendous amount of industry input, the voluntary framework provides a flexible, dynamic approach to matching business needs with improving cybersecurity,” stated Under Secretary of Commerce for Standards and Technology and NIST Director Patrick Gallagher.
“We encourage organizations to begin reviewing and testing the Preliminary Framework to better inform the version we plan to release in February.”
The preliminary framework provides organizations, both large and small, with mechanisms that can help them determine their current cybersecurity posture. It can also aid them in determining the cybersecurity state they should be targeting, and identify the ways in which they can reach it.
“We want to turn today's best practices into common practices, and better equip organizations to understand that good cybersecurity risk management is good business,” Gallagher added.
“The framework will be a living document that allows for continuous improvement as technologies and threats evolve. Industry now has the opportunity to create a more secure world by taking ownership of the framework and including cyber risks in overall risk management strategies.”
NIST notes that the framework is designed for critical infrastructure, but other organizations can use it as well to enhance their capabilities when it comes to dealing with cyber threats. The agency will host a workshop to discuss the preliminary framework on November 14-15 at the North Carolina State University.