A new cybersecurity framework released Wednesday by U.S. President Barack Obama's administration aims to help operators of critical infrastructure develop comprehensive cybersecurity programs.
The voluntary framework creates a consensus on what a good cybersecurity program looks like, senior administration officials said. The 41-page framework takes a risk management approach that allows organizations to adapt to "a changing cybersecurity landscape and responds to evolving and sophisticated threats in a timely manner," according to the document.
Organizations can use the framework to create a "credible" cybersecurity program if they don't already have one, said one senior Obama administration official. "The key message is that cybersecurity is not something you just put in place and walk away," the official said, in a background press briefing. "There's no prescription or magic bullet for cybersecurity. There are only well-conceived, proven ways of continuously managing the risks."
The framework, building on a presidential directive from a year ago, can help "companies prove to themselves and to their stakeholders that good cybersecurity can be the same thing as good business," the official said.
Obama called the framework, developed by the U.S. National Institute of Standards and Technology with input from businesses, a "turning point" in the national discussion about cybersecurity. "It's clear that much more work needs to be done to enhance our cybersecurity," he said in a statement.A "Although the threats are serious and they constantly evolve, I believe that if we address them effectively, we can ensure that the Internet remains an engine for economic growth and a platform for the free exchange of ideas."
Click headline to read more--