Executive Branch acts out on cybersecurity: what you need to know about this groundbreaking effort
By Jim Halpert, Sydney M White and Ryan T Sulkin
The White House has released the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, which is a key step in the implementation of Executive Order 13636 on cyber security issued by President Obama in February 2013.
Over the course of the past year, NIST has worked with critical infrastructure (CI) owners and operators, including public and private sector organisations, trade associations and other industry groups, other federal agencies, including the Department of Homeland Security, and state, local and tribal governments to develop a voluntary, risk-based framework to promote and enhance the security and resiliency of CI and to help organisations, regardless of industry sector or size, to manage cyber risk. During the development of the framework, NIST held workshops, requested comments and met with stakeholders in order to maximise private sector input and ensure the framework reflects current industry sector standards, guidelines and best practices.
Administration speakers emphasised that the framework is intended to be voluntary and flexible. Whether or not use of the framework is later required by regulation in critical infrastructure sectors, we think it is likely that some modified version of the framework core will make its way into commercial contracts for CI and possibly other services, and that the plaintiffs’ bar will attempt to test the framework as a standard of care for cyber security…
Click on the link below to read the rest of the DLA Piper briefing.