US govt releases cyber-security framework for critical infrastructure

The US government Commerce Department’s National Institute of Standards and Technology (NIST) has released the final version of its ‘cybersecurity framework’ in a bid to better help banking, defence, utilities and other industries in countrywide to protect against cyber attacks.

Originating from an executive order issued by President Barack Obama last year, the latest ‘Framework for Improving Critical Infrastructure Cybersecurity’ enables the government to direct an information-sharing network, though its stops short of making it compulsory for companies to make disclosure of cyber threats mandatory.

The new cybersecurity framework incorporates ample amount of industry input to prepare guidelines for 16 different sectors including food and agriculture, energy and transportation systems.

Obama said in a statement that although the latest Framework marks a turning point, it’s clear that much more work needs to be done to enhance cybersecurity.

"I again urge Congress to move forward on cybersecurity legislation that both protects our nation and our privacy and civil liberties," Obama added.

"Meanwhile, my Administration will continue to take action, under existing authorities, to protect our nation from this threat."

The overall goal of the programme is to defend the so-called critical infrastructure including power grids, water systems and financial networks against cyberattacks.

Built around five broad categories including identify; protect; detect; respond; and recover, the current framework excludes tax breaks or other financial incentives, which could boost the industry to take up the framework.

US Under Secretary of Commerce for Standards and Technology, NIST Director Patrick Gallagher said that the framework provides a consensus description of what’s needed for a comprehensive cybersecurity programme.

"It reflects the efforts of a broad range of industries that see the value of and need for improving cybersecurity and lowering risk," Gallagher said.

"It will help companies prove to themselves and their stakeholders that good cybersecurity is good business."

Cyber-security has been a major issue faced by the US, which in-turn pose a national security threat.