Last week, President Obama signed an Executive Order to strengthen the cybersecurity of this nation’s critical infrastructure. Threats from cyber attacks that could disrupt our power, water, and other critical systems are one of the most pressing risks facing both our nation’s security and our nation’s economy in the 21st century. So, in the absence of legislation to mitigate these threats to our infrastructure, the Executive Order directs federal agencies to use their existing authorities and work with the private sector to better protect our nation’s critical systems.
We at the Commerce Department have an important role to play when it comes to strengthening the nation’s cybersecurity. In accordance with the president’s Executive Order, Commerce’s National Institute of Standards and Technology (NIST) will be leading the development of one of the Executive Order’s principle outcomes: a voluntary Cybersecurity Framework to reduce cyber risks.
NIST will work collaboratively with industry to develop a framework of voluntary standards, relying on existing international standards, practices, and procedures that have proven to be effective. On February 13, NIST announced that it would issue a Request for Information from critical infrastructure owners and operators, federal agencies, state, local, territorial and tribal governments, standards-setting organizations, other industries, consumers, solution providers and other stakeholders.
Even as we work to reduce risks, we must also protect the innovation and prosperity that has flowed from the Internet and e-commerce–improving the lives of millions of Americans and people across the globe. That is why the Cybersecurity Framework will not dictate “one-size-fits-all” technological solutions. By collaborating with private-sector leaders who are already implementing strong controls, NIST will develop a wide range of flexible, voluntary standards that encourage innovation.
The Framework is one of many ways the president’s Executive Order will strengthen the cybersecurity of our nation’s businesses. The Executive Order also calls for new information sharing programs to provide both classified and unclassified threat and attack information to U.S. companies in a timely manner, and requests that regulatory agencies use the Cybersecurity Framework to assess the effectiveness of their cybersecurity regulations.
At the Commerce Department, we are committed to helping American businesses address their cybersecurity issues and risks so that our economy can continue to grow. But we will need your help, because cybersecurity risks are best addressed when the private sector and the government work together. Businesses need to be both aware of cybersecurity problems and proactive in adopting best practices to protect themselves and our economy. Businesses can learn more by visiting http://www.nist.gov/itl/cyberframework.cfm.