Industry leaders and President Obama call the framework just a first step in creating a cybersecurity playbook for 16 US critical infrastructure sectors. But this is more than just a reference manual.

Wyatt Kash, former Editor, InformationWeek Government

February 14, 2014

2 Min Read
Illustration of core functions and activities to support cybersecurity from <a href="http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf">NIST Framework for Improving Critical Infrastructure Cybersecurity 1.0</a>

Cauley also maintains that NIST and the Department of Homeland Security, which plays a lead role in coordinating national cybersecurity efforts, must do more to clarify incentives for following the framework, and how organizations can benefit from them, before companies will invest in them.

Russell Schrader, senior associate general council for Visa, voiced support for NIST's efforts to centralize best-practices, but cautioned NIST "to avoid centralizing implementation of security measures across a diverse economy." Schrader warned of "unintended consequences that inhibit innovation," particularly for global companies. "The ability to globally scale an effort like cybersecurity [makes it] important to avoid confusing, duplicative, or contradictory standards," he said.

Even Defense Department experts, in pre-release comments about the framework, observed that it "does not address the cybersecurity challenges of industries or sectors as a whole." The DoD recommends that NIST encourage "threat sharing" across sectors and greater attention to privacy concerns.

Though not highlighted in the final version of the framework, the preliminary draft acknowledged a number of other issues, including the need for better authentication practices, guidance on sharing threat alerts automatically, and establishing assessment activities that affirm practices conform with industry standards. Meeting the demand for workers skilled in cybersecurity and big data analytics remains another concern.

Questions also remain on how to align US and global cybersecurity practices and divergent privacy standards and manage the risks inherent in today's global, just-in-time supply chains. NIST left these issues out of its final release, characterizing them as "important but evolving areas."

White House officials said the framework would continue to evolve. They also envision it will eventually be turned over to industry, or an industry-led not-for-profit group, to administer.

"The administration was very clear that they are not looking to expand regulations," one senior official said, "but instead want to align the regulatory structure to support the adoption of the framework."

Find out how a government program is putting cloud computing on the fast track to better security. Also in the Cloud Security issue of InformationWeek Government: Defense CIO Teri Takai on why FedRAMP helps everyone.

About the Author(s)

Wyatt Kash

Wyatt Kash

former Editor, InformationWeek Government

Wyatt Kash is a former Editor of InformationWeek Government, and currently VP for Content Strategy at ScoopMedia. He has covered government IT and technology trends since 2004, as Editor-in-Chief of Government Computer News and Defense Systems (owned by The Washington Post Co. and subsequently 1105 Media). He also was part of a startup venture at AOL, where he helped launch AOL Government. His editorial teams have earned numerous national journalism awards. He is the 2011 recipient of the G.D. Crain Award, bestowed annually on one individual nationally for outstanding career contributions to editorial excellence in American business media.

See more from Wyatt Kash
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

NHL's Calgary Flames at New Jersey Devils on February 8, 2024 in Newark, NJ
IT Infrastructure
NHL, Presidio, and a Transformation Power Move with Hybrid CloudNHL, Presidio, and a Transformation Power Move with Hybrid Cloud
byJoao-Pierre S. Ruth
Apr 5, 2024
6 Min Read
Online Privacy Security Threat Abstract Background Art
Cyber Resilience
Cyber Risks When Job Hunters Become the HuntedCyber Risks When Job Hunters Become the Hunted
byCarrie Pallardy
Apr 9, 2024
9 Min Read
Business innovative solution and creative concept as a paper boat tied to a light bulb
IT Leadership
9 Ways to Ensure Continuous Innovation9 Ways to Ensure Continuous Innovation
byLisa Morgan
Apr 2, 2024
9 Slides
Hand charging an electric car, leaves and butterflies emerge from the cars exhaust, idea of sustainable transportation. Green energy, eco friendly
Sustainability
Sustainable Transportation Takes OffSustainable Transportation Takes Off
bySamuel Greengard
Mar 26, 2024
5 Min Read
Robotic hand takes a slice out of a coin, representing money
Machine Learning & AI
Special Report: What's Next for the GenAI Market in 2024?Special Report: What's Next for the GenAI Market in 2024
bySara Peters
Mar 12, 2024
3 Min Read
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now