New US cybersecurity framework issued: in wake of cyber attacks and lawsuits, how should organisations respond?
The US National Institute of Standards and Technology (NIST) recently released version 1.0 of the ‘Framework for Improving Critical Infrastructure Cybersecurity’. The framework was developed in partnership with the private sector and provides a set of voluntary, risk-based measures that can be used by organisations to address cybersecurity risk. Already hailed as a useful resource by leaders in the private and public sectors, the framework is likely to become an influential benchmark in all industries for assessing the reasonableness of an organisation’s cybersecurity programme. As such, it is also likely that the framework will be referenced in regulatory proceedings, commercial and government contracts and litigation filed following data security breaches. This alert summarises the framework’s key elements and suggests practical strategies organisations can use to assess whether and how to use the framework.
On 12 February 2013, US president Barack Obama signed the executive order (EO) on improving critical infrastructure cybersecurity, which, among other things, directed NIST to develop a cybersecurity framework that would ‘help owners and operators of critical infrastructure identify, assess and manage cyber risk’, while incorporating voluntary consensus standards and industry best practices. ‘Critical infrastructure’ is defined extremely broadly in the EO as ‘systems and assets, whether physical or virtual, so vital to the US that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety or any combination of those matters’.
In developing the framework, NIST held multiple workshops, met with representatives from the private and public sectors and received hundreds of public comments on the preliminary framework it released in October 2013. The final framework was announced by the president on 12 February 2014 and presented at a White House event headlined by the secretaries of Homeland Security and Commerce and three chief executive officers…
Click on the link below to read the rest of the Hogan Lovells briefing.