Posted on 02/13/2014 4:51:02 AM PST by Libloather
The Obama administration on Wednesday released a long-awaited framework for cybersecurity that is intended to nudge businesses toward strengthening their networks against attacks.
The voluntary guidance, established by President Obama via executive order and developed by the Commerce Departments National Institute of Standards and Technology, gives critical infrastructure companies a guidebook for ways to prevent and respond to the growing threat of cyberattacks.
The framework includes a core that outlines standards that companies can implement to identify, detect, respond to and recover from cyber threats.
The goal is not to expand regulation, one administration official said. Our goal is to streamline existing regulations wherever possible.
President Obama took executive action on cybersecurity last year after legislation stalled in Congress.
The official on Wednesday urged lawmakers to move forward with a legislative fix but said the framework stands on its own.
Regardless of what happens between the administration and the Hill ... the cybersecurity framework is an incredibly powerful tool, the official said.
The framework includes a description of four tiers of implementation that a company can use to compare its own cybersecurity practices to the standards set in the framework, as well as a description of how a company can evaluate its cybersecurity profile and identify areas to improve.
A draft of the framework was released in October, and NIST received thousands of public comments in the lead-up to the release of the document Wednesday.
While the document largely reflects the draft from October, one change noted by senior administration officials is the section on privacy and civil liberties. While the October draft had a lengthy appendix on the topic, those issues were incorporated into the framework released Wednesday.
Based on the public comments the NIST received, there was not sufficient support for a standalone appendix, the official said. In response, that has been integrated into the main body of the framework.
The officials touted input from the private sector and said the framework gives companies flexibility.
The initiative does not provide any incentives for companies to participate. The officials noted that companies have a business interest to best protect their networks.
One official said establishing incentives "is a key endeavor," and vowed to work with the industry and policymakers to consider them.
The federal government is going to do its best to make the cost of using the framework lower and the benefits of using the framework higher.
Under Obama's executive order, federal agencies that oversee critical infrastructure industries are also encouraged to streamline their cybersecurity requirements and recommendations with the framework.
White House offers cybersecurity tips
Well, understandably. That would be akin to a recently-robbed homeowner touting how great his alarm system is.
You know? I think they really don’t even understand what they’re talking about. It’s like in some of those movies where a bunch of guys are out drinking, come home and party and then pass out one by one.
In the morning, one of them (the guy that feel asleep first) wakes up, not realizing the others have drawn a nice representation of genitals near his pie hole.
While much of the ineptitude is precisely that, much also is naked hubris, and often tauntingly so.
Make no mistake - the war with those fascist bastards is already underway; the shooting part just hasn't started .. yet.
- - -
sorry Gaffer, that's prolly a more dour reply than your post deserved, but the old adage has never been more true than now:
** if you're not angry, you're not paying attention **
Remember that not one Congressman (to my knowledge) has asked for the documentation on the security certification of healthcare.gov. They accept accept Frau Blucher Sebellius’ word as if she’s honest. The GOP is all in.
For a reason bet all that data was hacked or sold from the get go.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.