Skip Links

Tech Industry Praises Cybersecurity Framework From White House

By Kenneth Corbin, CIO
February 18, 2014 09:36 AM ET

CIO - Members of the tech industry heralded the White House's announcement of a set of voluntary guidelines for businesses to improve their cybersecurity posture, suggesting that the document could spur private-sector operators of critical infrastructure to prioritize the issue within their firms.

The administration's cybersecurity framework offers a far-ranging template for businesses in various sectors of the economy, including core functions such as threat identification and response, assessment tools and guidance for aligning security with a company's business objectives.

The blueprint grew out of an executive order on cybersecurity that President Barack Obama issued last February and came as a welcome step forward for members of the tech community who have been advocating for the government to do more to encourage the private sector to improve its digital defenses.

"We believe they produced something that's very positive, that actually is a good framework for looking at cybersecurity," says Tim Molino, director of government relations at BSA, a trade group representing software and hardware companies.

'Flexible' Framework Offers Broad Guidelines

It remains to be seen the extent to which businesses will incorporate the voluntary framework into their internal cybersecurity operations, but some industry officials praise the administration for avoiding technical prescriptions and instead producing broader guidelines that can be tailored to fit in organizations across the 16 sectors of the economy that the government has designated as critical infrastructure.

"The framework is an inherently flexible, adaptable document, and because of that we believe that just about any organization can benefit from it - no matter its size or level of sophistication," says Jeff Greene, senior policy counsel at the security software vendor Symantec. "We are using it internally, and we think it likely that it will be a part of many organizations' overall security program in the coming years."

[ More: US Agencies Explore Cybersecurity Incentives for the Private Sector ][ Also: Obama's Executive Order on Cybersecurity Fighting Words to GOP ]

The government is actively encouraging businesses to adopt the framework, an effort led by the Department of Homeland Security, which has set up the Critical Infrastructure Cyber Community (C3) Voluntary Program to support that effort. Through that program, DHS offers companies resources and support staff to help implement the framework. The department says it's committed to forging stronger partnerships with private-sector firms and will support efforts to develop industry-specific guidance where appropriate.

Several tech groups praised the framework's focus on risk management, rather than pushing out a mandate for industry adoption that could simply create another compliance burden without advancing real security.

"The emphasis on voluntary standards provides the greatest likelihood that the framework will be broadly adopted," Mike Hettinger, senior vice president of the public sector division of the trade group TechAmerica, said in a statement.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News