News / Science & Technology

    Obama Administration Offers Companies Broad Standards to Improve Cybersecurity

    Reuters
    The U.S. government on Wednesday released the final version of standards meant to help companies in nationally critical industries better defend against cyber attacks, and officials now face the challenge of getting the private sector to adopt the voluntary measures.

    Criticized for being too vague and toothless, the so-called cybersecurity framework turned a vast amount of industry input into guidelines designed for 16 different sectors whose disruption could be devastating to the country.

    The release from the National Institute of Standards and Technology comes exactly one year after President Barack Obama issued an executive order directing the agency to compile voluntary minimum cybersecurity standards as one step to counter the lack of progress on cybersecurity law in Congress.

    “While I believe today's Framework marks a turning point, it's clear that much more work needs to be done to enhance our cybersecurity,” Obama said in a statement.

    “I again urge Congress to move forward on cybersecurity legislation that both protects our nation and our privacy and civil liberties,” he said. “Meanwhile, my Administration will continue to take action, under existing authorities, to protect our nation from this threat.”

    The framework, drafted by the nonregulatory government agency in consultation with thousands of industry experts, offers broad benchmarks for companies to measure the effectiveness of their cyber defenses.

    The Obama administration had faced intense pushback from the private sector on its earlier effort to mandate cyber defense standards, which contributed to stalled legislation. Now, the White House hopes companies voluntarily adopt the framework they have helped draft.

    “This voluntary Framework is a great example of how the private sector and government can, and should, work together to meet this shared challenge,” Obama said, and a senior administration official called the framework the beginning of a “continuing common-sense conversation” about protecting the nation's critical assets from cyber attacks.

    “I think that the NIST standards will become over the next year or two, while we are waiting for legislation, the de facto best practices, just because they are accessible and current,” said Jonathan Fairtlough, managing director at Kroll Advisory Solutions' cyber investigations practice.

    Will private sector adapt standards?

    Cybersecurity experts warn that relentless efforts to hack into U.S. banks and financial institutions, the power grid and other critical infrastructure, paired with instances of disruptive attacks abroad, pose a national security threat.

    The issue recently became a household topic after hackers stole about 40 million credit and debit card records and 70 million other records with personal customer data from the third-largest U.S. retailer, Target Corp.

    Many experts have expressed alarm about the lack of awareness or reluctance among some companies' leadership to spend more money on cyber defenses. The framework could force the issue into more executive suites, analysts say.

    “At a minimum, it's going to force this conversation up the food chain, out of the CEO office into the boardroom,” said Tom Kellermann, a former member of Obama's Commission on Cyber Security and software company executive now with professional services firm Alvarez & Marsal.

    But it is unclear whether the private sector, always concerned about liabilities attached to any standards, would widely adopt the voluntary framework.

    The departments of Homeland Security, Commerce and Treasury are reviewing potential incentives for adoption, though some companies worry that incentives will come with strings attached and prompt more regulatory oversight or threat of lawsuits.

    The White House has emphasized the voluntary nature of the framework and the need for companies to view cybersecurity as a business decision, part of its risk-management strategy.

    “We may not ever know how widely the framework has been adopted, because obviously there's not a requirement,” a second senior Obama administration official said on Wednesday. “There's an enlightened sense here that we're counting on.”

    Department of Homeland Security on Wednesday also launched a program called Critical Infrastructure Cyber Community that would help companies reach out to the government for assistance in adopting the framework, and that participation may help gage the popularity of the standards, the official said.

    Questions about effectiveness

    But it is also unclear how effective the framework will prove in practice.

    “At that high level, they got it right. ... Further down, it gets murky really fast,” said Andrew Ginter, vice president of industrial security at Waterfall Security Solutions, whose clients include power plants and water-treatment facilities.

    “The NIST framework never uses the word 'firewall.' It's that abstract,” he said, referring to a common standard component of network security.

    The framework offers sweeping categories such as “access control” or “data security” to evaluate how effectively a company identifies and protects network assets, and detects, responds to and recovers from breaches, on a one-to-four-tier scale for implementation.

    The categories then break into subcategories, such as keeping inventories of used software platforms and applications, ensuring that top executives know roles and responsibilities, and setting information security policies.

    The document also incorporates how the companies could do that while protecting privacy and civil liberties.

    The framework builds on and references existing regulations, many of which were developed for specific sectors, such as energy and financial services.

    “It can get really quite hard” studying and balancing various existing standards, said Dave Burg, who advises corporations on cybersecurity strategies at consultancy PricewaterhouseCoopers. “This framework will provide a very nice baseline against which companies can test themselves.”

    You May Like

    Self-doubt, Cultural Barriers Hinder Cambodian Women in Tech

    Longtime Cambodian tech observer Sok Sikieng says that although more women have joined profession in recent years, there remain significant factors hindering women from reaching tech potential

    Trans-Adriatic Pipeline to Boost European Energy Security

    $4.5 billion-pipeline will become operational in 2020 and will deliver gas from Azerbaijan’s Shah Deniz II field to southern Italy

    Video California Celebration Showcases Local Wines, Balloons

    Annual festival showcases the region's harvested agriculture, fine wines and offers opportunities to experience the gentle breeze in a hot air balloon flight

    This forum has been closed.
    Comments
         
    There are no comments in this forum. Be first and add one

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    Vietnamese-American Youth Optimistic About Obama's Visit to Vietnami
    X
    Elizabeth Lee
    May 22, 2016 6:04 AM
    U.S. President Barack Obama's visit to Vietnam later this month comes at a time when Vietnam is seeking stronger ties with the United States. Many Vietnamese Americans, especially the younger generation, are optimistic Obama’s trip will help further reconciliation between the two former foes. Elizabeth Lee has more from the community called "Little Saigon" located south of Los Angeles.
    Video

    Video Vietnamese-American Youth Optimistic About Obama's Visit to Vietnam

    U.S. President Barack Obama's visit to Vietnam later this month comes at a time when Vietnam is seeking stronger ties with the United States. Many Vietnamese Americans, especially the younger generation, are optimistic Obama’s trip will help further reconciliation between the two former foes. Elizabeth Lee has more from the community called "Little Saigon" located south of Los Angeles.
    Video

    Video First-generation, Afghan-American Student Sets Sights on Basketball Glory

    Their parents are immigrants to the United States. They are kids who live between two worlds -- their parents' homeland and the U.S. For many of them, they feel most "American" at school. It can be tricky balancing both worlds. In this report, produced by Beth Mendelson, Arash Arabasadi tells us about one Afghan-American student who seems to be coping -- one shot at a time.
    Video

    Video Newest US Citizens, Writing the Next Great Chapter

    While universities across the United States honor their newest graduates this Friday, many immigrants in downtown Manhattan are celebrating, too. One hundred of them, representing 31 countries across four continents, graduated as U.S. citizens, joining the ranks of 680,000 others every year in New York and cities around the country.
    Video

    Video Vietnam Sees Strong Economic Growth Despite Incomplete Reforms

    Vietnam has transformed its communist economy to become one of the world's fastest-growing nations. While the reforms are incomplete, multinational corporations see a profitable future in Vietnam and have made major investments -- as VOA's Jim Randle reports.
    Video

    Video Qatar Denies World Cup Corruption

    The head of Qatar’s organizing committee for the 2022 World Cup insists his country's bid to host the soccer tournament was completely clean, despite the corruption scandals that have rocked the sport’s governing body, FIFA. Hassan Al-Thawadi also said new laws would offer protection to migrants working on World Cup construction projects. VOA's Henry Ridgwell reports.
    Video

    Video Infrastructure Funding Puts Cambodia on Front Line of International Politics

    When leaders of the world’s seven most developed economies meet in Japan next week, demands for infrastructure investment world wide will be high on the agenda. Japanese Prime Minister Shinzo Abe’s push for “quality infrastructure investment” throughout Asia has been widely viewed as a counter to the rise of Chinese investment flooding into region.
    Video

    Video Democrats Fear Party Unity a Casualty in Clinton-Sanders Battle

    Democratic presidential front-runner Hillary Clinton claimed a narrow victory in Tuesday's Kentucky primary even as rival Bernie Sanders won in Oregon. Tensions between the two campaigns are rising, prompting fears that the party will have a difficult time unifying to face the presumptive Republican nominee, Donald Trump. VOA national correspondent Jim Malone has more from Washington.
    Video

    Video Portrait of a Transgender Marriage: Husband and Wife Navigate New Roles

    As controversy continues in North Carolina over the use of public bathrooms by transgender individuals, personal struggles with gender identity that were once secret are now coming to light. VOA’s Tina Trinh explored the ramifications for one couple as part of trans.formation, a series of stories on transgender issues.
    Video

    Video Amerikan Hero Flips Stereotype of Middle Eastern Character

    An Iranian American comedian is hoping to connect with American audiences through a film that inverts some of Hollywood's stereotypes about Middle Eastern characters. Sama Dizayee reports.
    Video

    Video Budding Young Inventors Tackle City's Problems with 3-D Printing

    Every city has problems, and local officials and politicians are often frustrated by their inability to solve them. But surprising solutions can come from unexpected places. Students in Baltimore. Maryland, took up the challenge to solve problems they identified in their city, and came up with projects and products to make a difference. VOA's June Soh has more on a digital fabrication competition primarily focused on 3-D design and printing. Carol Pearson narrates.

    Special Report

    Adrift The Invisible African Diaspora