Obama Launches Cybersecurity Framework for Cyber Risks Awareness

The Obama administration has launched a Cybersecurity Framework Wednesday that would strengthen security and flexibility of critical infrastructure in a model of public-private cooperation.

The Framework was created by the Department of Commerce's National Institute of Standards and Technology (NIST) based on the ideas of the kinds of standards, best practices, and guidelines contributed by people and organizations around the globe.

U.S Pres. Barack Obama described this as a "turning point" in the discussions concerning cybersecurity but also admitted that it still needs to be enhanced because critical infrastructures are still at risk from threats.

"Although the threats are serious and they constantly evolve, I believe that if we address them effectively, we can ensure that the Internet remains an engine for economic growth and a platform for the free exchange of ideas," Obama said in a White House press release.

Internet Security Alliance President Larry Clinton commended the Framework but implied that there's more that needs to be done.

"In Olympic terms, today marks the end of the preliminary rounds, we are on the right track but we haven't won any gold medals for cybersecurity yet," Clinton said in an email to PC World. "The most important element of the effort so far is that we have moved away from trying to impose a government centric set of mandates on industry and instead are attempting to create a program based on industry developed standards and practices where voluntary adoption is motivated by market incentives."

The Cybersecurity Framework has three components that reinforce connections among business drivers and cybersecurity activities: the Framework Core, the Profiles, and the Tiers.

Though the use of the Framework is voluntary, the Department of Homeland Security (DHS) has established the Critical Infrastructure Cyber Community (C3) Voluntary Program that will increase awareness and use of it.

The C3 Voluntary Program will connect public and private organizations that will assist their efforts in managing their cyber risks. Users then will be able to get assistance, share lessons learned, and know about tools and resources that can help them.

Real Time Analytics