New US cybersecurity framework issued: in wake of cyber attacks and lawsuits, how should organisations respond?

The US National Institute of Standards and Technology (NIST) recently released version 1.0 of the ‘Framework for Improving Critical Infrastructure Cybersecurity’. The framework was developed in partnership with the private sector and provides a set of voluntary, risk-based measures that can be used by organisations to address cybersecurity risk. Already hailed as a useful resource by leaders in the private and public sectors, the framework is likely to become an influential benchmark in all industries for assessing the reasonableness of an organisation’s cybersecurity programme. As such, it is also likely that the framework will be referenced in regulatory proceedings, commercial and government contracts and litigation filed following data security breaches. This alert summarises the framework’s key elements and suggests practical strategies organisations can use to assess whether and how to use the framework.

On 12 February 2013, US president Barack Obama signed the executive order (EO) on improving critical infrastructure cybersecurity, which, among other things, directed NIST to develop a cybersecurity framework that would ‘help owners and operators of critical infrastructure identify, assess and manage cyber risk’, while incorporating voluntary consensus standards and industry best practices. ‘Critical infrastructure’ is defined extremely broadly in the EO as ‘systems and assets, whether physical or virtual, so vital to the US that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety or any combination of those matters’.

In developing the framework, NIST held multiple workshops, met with representatives from the private and public sectors and received hundreds of public comments on the preliminary framework it released in October 2013. The final framework was announced by the president on 12 February 2014 and presented at a White House event headlined by the secretaries of Homeland Security and Commerce and three chief executive officers…

Click on the link below to read the rest of the Hogan Lovells briefing. 

Sign in or Register to continue reading this article

Sign in


It's quick, easy and free!

It takes just 5 minutes to register. Answer a few simple questions and once completed you’ll have instant access.

Register now

Why register to The Lawyer


Industry insight

In-depth, expert analysis into the stories behind the headlines from our leading team of journalists.


Market intelligence

Identify the major players and business opportunities within a particular region through our series of free, special reports.


Email newsletters

Receive your pick of The Lawyer's daily and weekly email newsletters, tailored by practice area, region and job function.

More relevant to you

To continue providing the best analysis, insight and news across the legal market we are collecting some information about who you are, what you do and where you work to improve The Lawyer and make it more relevant to you.

Briefings from Hogan Lovells

View more briefings from Hogan Lovells

Analysis from The Lawyer

View more analysis from The Lawyer


Atlantic House
Holborn Viaduct

Turnover (£m): 1,098.00
No. of lawyers: 2,313 (UK 200)
Jurisdiction: UK
No. of offices: 8
No. of qualified lawyers: 219 (International 50)
No. of partners: 56