US debuts cyber security framework


To protect critical infrastructure.

The United State government has launched its Cybersecurity Framework, in an effort to educate organisations on the risks facing critical infrastructure systems.

The 44-page framework is a result of a year-long project in which businesses and individuals collaborated on the best standards, practices and guidelines to improve critical infrastructure cyber security. These ideas were finalised and bound together by the US National Institute of Standards and Technology (NIST).

The Cybersecurity Framework, which formed part of the “Improvement of Critical Infrastructure Cybersecurity” announced by US President Obama at the 2013 State of the Union, is voluntary, but will be promoted by the US Department of Homeland Security’s new Critical Infrastructure Cyber Community (c3) Voluntary Program.

The framework has three components – framework core, profiles and tiers – and also guides companies on privacy and civil liberties. Furthermore, the framework provides a cyber security roadmap for beginners, while participants will also be able to share lessons learnt and get free tools to improve their security operations.

The framework core is essentially a set of cyber-security ‘best practices’ and can be called upon by CNI sectors to tackle important stages of cyber defence – from identity and detect to respond and recover. Profiles are more focused on aligning cyber security measures with business requirements, while tiers breaks down a company’s cyber management practises.

President Obama said the framework was a “turning point” in the national discussion about cyber security.

“It’s clear that much more work needs to be done to enhance our cybersecurity,” he said in a statement.

“Although the threats are serious and they constantly evolve, I believe that if we address them effectively, we can ensure that the internet remains an engine for economic growth and a platform for the free exchange of ideas.”

The Australian Government last year launched a national cyber security co-ordination hub to bring together members of security and law enforcement agencies to better deal with cyber threats.

This article originally appeared at
Copyright © SC Magazine, UK edition