One year to the day after President Obama issued Executive Order 13636: Improving Critical Infrastructure Cybersecurity, NIST has released its Cybersecurity Framework 1.0, “Framework for Improving Critical Infrastructure Cybersecurity.”
According to the document’s executive summary, “The Framework, created through collaboration between government and the private sector, uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses. The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes.”
Whether it succeeds in that no doubt will be a matter of discussion over the coming days and weeks. However, one company, Rockwell Automation, which participated in the Framework’s development process, has already endorsed it.
Given the problems our colleagues in retail have been having lately and the vulnerabilities in our own industry, which, let’s face it, is into “critical infrastructure” from the neck down, it would probably be a good idea to put the Framework at the top of your “must read” pile.