Twelve months ago, the President laid out an exceptional challenge for the federal government: to develop a framework of best practices and standards to help the critical infrastructure sector improve its cybersecurity, while protecting privacy and civil liberties, based on the thinking of the best minds in industry, academia, and advocacy groups.
Twelve months may seem like a long time, but for an issue as complex as cybersecurity that touches, well, everybody, this was an extraordinary goal. But there was no question that we had to rise to this challenge, because near-term action was critical to shoring up our collective defenses against increasing cyber-based threats to our critical infrastructure, our economy, our personal information, and indeed the way we operate on the internet every day. And we have had continued reminders of the urgent need to increase our cyber protections over the course of the past year, as news reports of data breaches and denial of service attacks have become more frequent.
Well, I’m proud to say that we – collectively – have done it. After a year-long sprint, the Department of Commerce’s National Institute of Standards and Technology (NIST) published the finalized version of the first Framework for Improving Critical Infrastructure Cybersecurity on February 12. And we are seeing very positive responses just a week after the release. Businesses, state government, advocacy groups, and even foreign partners have come out to support the Framework and recognize the importance of this initial step on the road to improved cybersecurity. Companies have begun to use the framework to aid in communication with their Boards and C-suites and have told us that it can provide a valuable tool to communicate security requirements with their supply chain. And we are gratified that others are enthusiastic as well.
I’m not going to go into too many details of what’s in the Framework; you can read about that on NIST’s website and you can read about our program to support voluntary adoption on DHS’s website. And of course, you can read the President’s statement about the Cybersecurity Framework, and the White House press release to find out more.
Instead, what I want to emphasize here are four key points:
As with all things involving security, we will never be “done” working to make improvements. But there are some key next steps where DHS and NIST need your help:
I want to conclude by thanking our government team for what has been a truly remarkable effort over the past 12 months. But even more, I want to thank our partners in industry, academia, state and local government, and advocacy groups for their thoughtful engagement in this process. I look forward to continuing to work with all of you to make our shared cyber ecosystem more secure.
Michael Daniel is Special Assistant to the President and the Cybersecurity Coordinator.