News / Science & Technology

Obama Administration Offers Companies Broad Standards to Improve Cybersecurity

Reuters
The U.S. government on Wednesday released the final version of standards meant to help companies in nationally critical industries better defend against cyber attacks, and officials now face the challenge of getting the private sector to adopt the voluntary measures.

Criticized for being too vague and toothless, the so-called cybersecurity framework turned a vast amount of industry input into guidelines designed for 16 different sectors whose disruption could be devastating to the country.

The release from the National Institute of Standards and Technology comes exactly one year after President Barack Obama issued an executive order directing the agency to compile voluntary minimum cybersecurity standards as one step to counter the lack of progress on cybersecurity law in Congress.

“While I believe today's Framework marks a turning point, it's clear that much more work needs to be done to enhance our cybersecurity,” Obama said in a statement.

“I again urge Congress to move forward on cybersecurity legislation that both protects our nation and our privacy and civil liberties,” he said. “Meanwhile, my Administration will continue to take action, under existing authorities, to protect our nation from this threat.”

The framework, drafted by the nonregulatory government agency in consultation with thousands of industry experts, offers broad benchmarks for companies to measure the effectiveness of their cyber defenses.

The Obama administration had faced intense pushback from the private sector on its earlier effort to mandate cyber defense standards, which contributed to stalled legislation. Now, the White House hopes companies voluntarily adopt the framework they have helped draft.

“This voluntary Framework is a great example of how the private sector and government can, and should, work together to meet this shared challenge,” Obama said, and a senior administration official called the framework the beginning of a “continuing common-sense conversation” about protecting the nation's critical assets from cyber attacks.

“I think that the NIST standards will become over the next year or two, while we are waiting for legislation, the de facto best practices, just because they are accessible and current,” said Jonathan Fairtlough, managing director at Kroll Advisory Solutions' cyber investigations practice.

Will private sector adapt standards?

Cybersecurity experts warn that relentless efforts to hack into U.S. banks and financial institutions, the power grid and other critical infrastructure, paired with instances of disruptive attacks abroad, pose a national security threat.

The issue recently became a household topic after hackers stole about 40 million credit and debit card records and 70 million other records with personal customer data from the third-largest U.S. retailer, Target Corp.

Many experts have expressed alarm about the lack of awareness or reluctance among some companies' leadership to spend more money on cyber defenses. The framework could force the issue into more executive suites, analysts say.

“At a minimum, it's going to force this conversation up the food chain, out of the CEO office into the boardroom,” said Tom Kellermann, a former member of Obama's Commission on Cyber Security and software company executive now with professional services firm Alvarez & Marsal.

But it is unclear whether the private sector, always concerned about liabilities attached to any standards, would widely adopt the voluntary framework.

The departments of Homeland Security, Commerce and Treasury are reviewing potential incentives for adoption, though some companies worry that incentives will come with strings attached and prompt more regulatory oversight or threat of lawsuits.

The White House has emphasized the voluntary nature of the framework and the need for companies to view cybersecurity as a business decision, part of its risk-management strategy.

“We may not ever know how widely the framework has been adopted, because obviously there's not a requirement,” a second senior Obama administration official said on Wednesday. “There's an enlightened sense here that we're counting on.”

Department of Homeland Security on Wednesday also launched a program called Critical Infrastructure Cyber Community that would help companies reach out to the government for assistance in adopting the framework, and that participation may help gage the popularity of the standards, the official said.

Questions about effectiveness

But it is also unclear how effective the framework will prove in practice.

“At that high level, they got it right. ... Further down, it gets murky really fast,” said Andrew Ginter, vice president of industrial security at Waterfall Security Solutions, whose clients include power plants and water-treatment facilities.

“The NIST framework never uses the word 'firewall.' It's that abstract,” he said, referring to a common standard component of network security.

The framework offers sweeping categories such as “access control” or “data security” to evaluate how effectively a company identifies and protects network assets, and detects, responds to and recovers from breaches, on a one-to-four-tier scale for implementation.

The categories then break into subcategories, such as keeping inventories of used software platforms and applications, ensuring that top executives know roles and responsibilities, and setting information security policies.

The document also incorporates how the companies could do that while protecting privacy and civil liberties.

The framework builds on and references existing regulations, many of which were developed for specific sectors, such as energy and financial services.

“It can get really quite hard” studying and balancing various existing standards, said Dave Burg, who advises corporations on cybersecurity strategies at consultancy PricewaterhouseCoopers. “This framework will provide a very nice baseline against which companies can test themselves.”

You May Like

Tired of Waiting, South Africans Demand Change ‘Now’

With chronic poverty and lack of basic services largely fueling recent xenophobic attacks, many in Rainbow Nation say it’s time for government to act More

Challenges Ahead for China's Development Plans in Pakistan

Planned $46 billion in energy and infrastructure investments in Pakistan are aimed at transforming the country into a regional hub for trade and investment More

Audio 'Forbidden City' Revisits Little Known Era of Asian-American Entertainment

Little-known chapter of entertainment history captured in 80s documentary is revisited in new digitally remastered format and book More

This forum has been closed.
Comments
     
There are no comments in this forum. Be first and add one

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
Study: Insecticide Damaging Wild Bee Populationsi
X
April 24, 2015 10:13 PM
A popular but controversial type of insecticide is damaging important wild bee populations, according to a new study. VOA’s Steve Baragona has more.
Video

Video Study: Insecticide Damaging Wild Bee Populations

A popular but controversial type of insecticide is damaging important wild bee populations, according to a new study. VOA’s Steve Baragona has more.
Video

Video Data Servers Could Heat Private Homes

As every computer owner knows, when their machines run a complex program they get pretty hot. In fact, cooling the processors can be expensive, especially when you're dealing with huge banks of computer servers. But what if that energy could heat private homes? VOA’s George Putic reports that a Dutch energy firm aims to do just that.
Video

Video Cinema That Crosses Borders Showcased at Tribeca Film Festival

Among the nearly 100 feature length films being shown at this year’s Tribeca Film Festival in New York City are more than 20 documentaries and features with international appeal, from a film about a Congolese businessman in China, to documentaries shot in Pakistan and diaspora communities in the U.S., to a poetic look at disaffected South African youth. VOA’s Carolyn Weaver has more.
Video

Video UN Confronts Threat of Young Radicals

The radicalization and recruitment of young people into Islamist extremist groups has become a growing challenge for governments worldwide. On Thursday, the U.N. Security Council heard from experts on the issue, which has become a potent threat to international peace and security. VOA’s Margaret Besheer reports.
Video

Video Growing Numbers of Turks Discover Armenian Ancestry

In a climate of improved tolerance, growing numbers of people in Turkey are discovering their grandmothers were Armenian. Hundreds of thousands of Armenians escaped the mass deportations and slaughter of the early 1900's by forced conversion to Islam. Or, Armenian children were taken in by Turkish families and assimilated. Now their stories are increasingly being heard. Dorian Jones reports from Istanbul that the revelations are viewed as an important step.
Video

Video Migrants Trek Through Western Balkans to Reach EU

Migrants from Africa and other places are finding different routes into the European Union in search of a better life. The Associated Press followed one clandestine group to document their trek through the western Balkans to Hungary. Zlatica Hoke reports that the migrants started using that route about four years ago. Since then, it has become the second-most popular path into Western Europe, after the option of sailing from North Africa to Italy.
Video

Video TIME Magazine Honors Activists, Pioneers Seen as Influential

TIME Magazine has released its list of celebrities, leaders and activists, whom it deems the world’s “most influential” in 2015. VOA's Ramon Taylor reports from New York.
Video

Video US Businesses See Cuba as New Frontier

The Obama administration's opening toward Cuba is giving U.S. companies hope they'll be able to do business in Cuba despite the continuation of the U.S. economic embargo against the communist nation. Some American companies have been able to export some products to Cuba, but the recent lifting of Cuba's terrorism designation could relax other restrictions. As VOA's Daniela Schrier reports, corporate heavy hitters are lining up to head across the Florida Straits - though experts urge caution.
Video

Video Kenya Launches Police Recruitment Drive After Terror Attacks

Kenya launched a major police recruitment drive this week as part of a large-scale effort to boost security following a recent spate of terror attacks. VOA’s Gabe Joselow reports that allegations of corruption in the process are raising old concerns about the integrity of Kenya’s security forces.
Video

Video Japan, China in Race for Asia High-Speed Rail Projects

A lucrative competition is underway in Asia for billions of dollars in high-speed rail projects. Cambodia, India, Indonesia, Malaysia Thailand and Vietnam are among the countries planning to move onto the fast track. They are negotiating with Japan and the upstart Chinese who are locked in a duel to revolutionize transportation across Asia. VOA Correspondent Steve Herman in Bangkok has details.
Video

Video Scientists: Mosquitoes Attracted By Our Genes

Some people always seem to get bitten by mosquitoes more than others. Now, scientists have proved that is really the case - and they say it’s all because of genes. It’s hoped the research might lead to new preventative treatments for diseases like malaria, as Henry Ridgwell reports from London.
Video

Video Bible Museum Coming to Washington DC

Washington is the center of American political power and also home to some of the nation’s most visited museums. A new one that will showcase the Bible has skeptics questioning the motives of its conservative Christian funders. VOA religion correspondent Jerome Socolovsky reports.
Video

Video Armenia and Politics of Word 'Genocide'

A century ago this April, hundreds of thousands of Armenians of the Turkish Ottoman empire were deported and massacred, and their culture erased from their traditional lands. While broadly accepted by the U.N. and at least 20 countries as “genocide”, the United States and Turkey have resisted using that word to describe the atrocities that stretched from 1915 to 1923. But Armenians have never forgotten.
Video

Video Afghan First Lady Pledges No Roll Back on Women's Rights

Afghan First Lady Rula Ghani, named one of Time's 100 Most Influential, says women should take part in talks with Taliban. VOA's Rokhsar Azamee has more from Kabul.
Video

Video New Brain Mapping Techniques Could Ease Chronic Pain

From Boulder, Colorado, Shelley Schlender reports that new methods for mapping pain in the brain are providing validation for chronic pain and might someday guide better treatment.

VOA Blogs