Online attacks on the nation’s critical infrastructure are one of the most serious challenges to U.S. national security. Power generation, transportation and telecommunications are the backbone of U.S. critical infrastructure, and these sophisticated systems rely on information technology, which makes them susceptible to online attacks.
In February 2013, President Obama issued Executive Order 13636—Improving Critical Infrastructure Cybersecurity, outlining steps to reduce the risk of cyberattack on power, transportation, and telecom networks.
On October 22, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released its Preliminary Cybersecurity Framework. The framework is the first step in helping critical infrastructure owners and operators reduce the risk of cyberattack. It outlines a set of steps that can be customized to various sectors and adapted by both large and small organizations while providing a consistent approach to cybersecurity. It also helps identify and prioritize opportunities for improvement within the context of risk management and to assess progress toward cybersecurity goals.
In the near future, NIST will provide an opportunity for the public to submit comments on the framework. The Office of Advocacy will issue a Regulatory Alert when the public comment period opens. NIST plans to release the official framework in February 2014, as called for in the executive order.
—Assistant Chief Counsel Major Clark III