News / Science & Technology

Obama Administration Offers Companies Broad Standards to Improve Cybersecurity

Reuters
The U.S. government on Wednesday released the final version of standards meant to help companies in nationally critical industries better defend against cyber attacks, and officials now face the challenge of getting the private sector to adopt the voluntary measures.

Criticized for being too vague and toothless, the so-called cybersecurity framework turned a vast amount of industry input into guidelines designed for 16 different sectors whose disruption could be devastating to the country.

The release from the National Institute of Standards and Technology comes exactly one year after President Barack Obama issued an executive order directing the agency to compile voluntary minimum cybersecurity standards as one step to counter the lack of progress on cybersecurity law in Congress.

“While I believe today's Framework marks a turning point, it's clear that much more work needs to be done to enhance our cybersecurity,” Obama said in a statement.

“I again urge Congress to move forward on cybersecurity legislation that both protects our nation and our privacy and civil liberties,” he said. “Meanwhile, my Administration will continue to take action, under existing authorities, to protect our nation from this threat.”

The framework, drafted by the nonregulatory government agency in consultation with thousands of industry experts, offers broad benchmarks for companies to measure the effectiveness of their cyber defenses.

The Obama administration had faced intense pushback from the private sector on its earlier effort to mandate cyber defense standards, which contributed to stalled legislation. Now, the White House hopes companies voluntarily adopt the framework they have helped draft.

“This voluntary Framework is a great example of how the private sector and government can, and should, work together to meet this shared challenge,” Obama said, and a senior administration official called the framework the beginning of a “continuing common-sense conversation” about protecting the nation's critical assets from cyber attacks.

“I think that the NIST standards will become over the next year or two, while we are waiting for legislation, the de facto best practices, just because they are accessible and current,” said Jonathan Fairtlough, managing director at Kroll Advisory Solutions' cyber investigations practice.

Will private sector adapt standards?

Cybersecurity experts warn that relentless efforts to hack into U.S. banks and financial institutions, the power grid and other critical infrastructure, paired with instances of disruptive attacks abroad, pose a national security threat.

The issue recently became a household topic after hackers stole about 40 million credit and debit card records and 70 million other records with personal customer data from the third-largest U.S. retailer, Target Corp.

Many experts have expressed alarm about the lack of awareness or reluctance among some companies' leadership to spend more money on cyber defenses. The framework could force the issue into more executive suites, analysts say.

“At a minimum, it's going to force this conversation up the food chain, out of the CEO office into the boardroom,” said Tom Kellermann, a former member of Obama's Commission on Cyber Security and software company executive now with professional services firm Alvarez & Marsal.

But it is unclear whether the private sector, always concerned about liabilities attached to any standards, would widely adopt the voluntary framework.

The departments of Homeland Security, Commerce and Treasury are reviewing potential incentives for adoption, though some companies worry that incentives will come with strings attached and prompt more regulatory oversight or threat of lawsuits.

The White House has emphasized the voluntary nature of the framework and the need for companies to view cybersecurity as a business decision, part of its risk-management strategy.

“We may not ever know how widely the framework has been adopted, because obviously there's not a requirement,” a second senior Obama administration official said on Wednesday. “There's an enlightened sense here that we're counting on.”

Department of Homeland Security on Wednesday also launched a program called Critical Infrastructure Cyber Community that would help companies reach out to the government for assistance in adopting the framework, and that participation may help gage the popularity of the standards, the official said.

Questions about effectiveness

But it is also unclear how effective the framework will prove in practice.

“At that high level, they got it right. ... Further down, it gets murky really fast,” said Andrew Ginter, vice president of industrial security at Waterfall Security Solutions, whose clients include power plants and water-treatment facilities.

“The NIST framework never uses the word 'firewall.' It's that abstract,” he said, referring to a common standard component of network security.

The framework offers sweeping categories such as “access control” or “data security” to evaluate how effectively a company identifies and protects network assets, and detects, responds to and recovers from breaches, on a one-to-four-tier scale for implementation.

The categories then break into subcategories, such as keeping inventories of used software platforms and applications, ensuring that top executives know roles and responsibilities, and setting information security policies.

The document also incorporates how the companies could do that while protecting privacy and civil liberties.

The framework builds on and references existing regulations, many of which were developed for specific sectors, such as energy and financial services.

“It can get really quite hard” studying and balancing various existing standards, said Dave Burg, who advises corporations on cybersecurity strategies at consultancy PricewaterhouseCoopers. “This framework will provide a very nice baseline against which companies can test themselves.”

You May Like

Missouri Town Braces for Possible Racial Unrest

Situation in Ferguson hinges on whether white police officer will be indicted for August shooting death of unarmed black teen; decision could come Monday More

Video Ukraine Marks Anniversary of 1930s Deadly Famine

President Poroshenko compares Soviet-era ‘genocide’ to current tactics of pro-Russia rebels in Ukraine's east More

S. Philippines Convictions Elusive 5 Years After Election-related Killings

Officials vowed to deliver justice as the nation marked the anniversary of the country's worst political massacre that left 58 dead, more than half media More

This forum has been closed.
Comments
     
There are no comments in this forum. Be first and add one

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
New Skateboard Defies Gravityi
X
November 21, 2014 5:07 AM
A futuristic dream only a couple of decades ago, the hoverboard – a skateboard that floats above the ground - has finally been made possible. While still not ready for mass production, it promises to become a cool mode of transport... at least over some surfaces. VOA’s George Putic reports.
Video

Video New Skateboard Defies Gravity

A futuristic dream only a couple of decades ago, the hoverboard – a skateboard that floats above the ground - has finally been made possible. While still not ready for mass production, it promises to become a cool mode of transport... at least over some surfaces. VOA’s George Putic reports.
Video

Video Falling Gas Prices Impact US Oil Extraction

With the price of oil now less than $80 a barrel, motorists throughout the United States are benefiting from gas prices below $3 a gallon. But as VOA’s Kane Farabaugh reports, the decreasing price of petroleum has a downside for the hydraulic fracturing industry in the United States.
Video

Video Tensions Build on Korean Peninsula Amid Military Drills

It has been another tense week on the Korean peninsula as Pyongyang threatened to again test nuclear weapons while the U.S. and South Korean forces held joint military exercises in a show of force. VOA’s Brian Padden reports from the Kunsan Air Base in South Korea.
Video

Video Mama Sarah Obama Honored at UN Women’s Entrepreneurship Day

President Barack Obama's step-grandmother is in the United States to raise money to build a $12 million school and hospital center in Kogelo, Kenya, the birthplace of the president's father, Barack Obama, Sr. She was honored for her decades of work to aid poor Kenyans at a Women's Entrepreneurship Day at the United Nations.
Video

Video Gay Evangelicals Argue That Bible Does Not Condemn Homosexuality

More than 30 U.S. states now recognize same-sex marriages, and an increasing number of mainline American churches are blessing them. But evangelical church members- which account for around 30 percent of the U.S. adult population - believe the Bible unequivocally condemns homosexuality. VOA's Jerome Socolovsky reports that gay, lesbian, bisexual and transgender evangelicals are coming out. Backed by a prominent evangelical scholar, they argue that the traditional reading of the bible is wrong.
Video

Video Ebola Economic Toll Stirs W. Africa Food Security Concerns

The World Bank said Wednesday that it expects the economic impact of the Ebola outbreak on the sub-Saharan economy to cost somewhere betweenf $3 billion to $4 billion - well below a previously-outlined worst-case scenario of $32 billion. Some economists, however, paint a gloomier picture - warning that the disruption to regional markets and trading is considerable. Henry Ridgwell reports from London.
Video

Video Mexico Protests Escalate Over Disappearances

Protests in Mexico over 43 students missing since September continue to escalate, reflecting growing anger among Mexicans about a political system they view as corrupt, and increasingly tainted by the drug trade. Mounting outrage over the disappearances is now focused on the government of President Enrique Pena Nieto, accused of not doing enough to end insecurity in the country. More from VOA's Victoria Macchi.
Video

Video US Senate Votes Down Controversial Oil Pipeline - For Now

The U.S. Senate has rejected construction of a controversial pipeline to transport Canadian oil to American refineries. The $5 billion project still could be approved next year, but it faces a possible veto by President Barack Obama. As VOA’s Michael Bowman reports, the pipeline has exposed deep divisions in Congress about America’s energy future.
Video

Video Can Minsk Cease-fire Agreement Hold?

Growing tensions between government troops and separatists in eastern Ukraine further threaten a cease-fire agreement reached two months ago in the Belarusian capital of Minsk. Critics of U.S. policy in Ukraine say it is time the Obama administration gives up on that much-violated cease-fire and moves toward a new deal with Russia. VOA's Scott Stearns has more.
Video

Video Chaos, Abuse Defy Solution in Libya

The political and security crisis in Libya is deepening, with competing governments and, according to Amnesty International, widespread human rights violations committed with impunity. VOA’s Al Pessin reports from London.
Video

Video US Hosts Record 866,000 Foreign Students

Close to 900,000 international students are studying at American universities and colleges, more than ever before. About half of them come from Asia, mostly China. The United States hosts more foreign students than any other country in the world, and its foreign student population is steadily growing. Zlatica Hoke reports.
Video

Video Ferguson Church Grapples with Race Relations

Many white residents of Ferguson, Missouri, say they chose to live there because of the American Midwest community's diversity. So, they were shocked when a white police officer killed an unarmed black teenager in August – and shaken by the resulting protests and violence. Some local churches are leading conversations on how to go forward. VOA’s Ayesha Tanzeem reports.

All About America

AppleAndroid