A set of recommendations intended for IT infrastructure companies has been provided by the White House in an attempt to combat the increase in cybersecurity attacks. Now that the vast majority of things that people do are online, criminals have been stepping up their cybersecurity attacks in order to hurt businesses and consumers.
The voluntary guidelines provided by the White House are simply an outline of things that it would like to see the industry adapt to but no requirements are being made. Certain ideas, like the creation of a database of the cybersecurity attacks, are not currently being included in the White House’s guidelines.
While I believe today’s framework marks a turning point, it’s clear that much more work needs to be done to enhance our cybersecurity…America’s economic prosperity, national security and our individual liberties depend on our commitment to securing cyberspace and maintaining an open, interoperable, secure and reliable Internet. – President Barack Obama
The guidelines are only the first iteration of the Framework for Improving Critical Infrastructure Cybersecurity which is part of an executive order from the President, whom believes that cyberthreats are one of the most dangerous types of threats that the country now faces.
Some members of the IT industry are unhappy with the thought of the government intruding in private business practices but in reality, these recommendations do not actually require the companies to do anything. However a plethora of studies have shown that a cyberattack can result in thousands (or millions) of dollars in damages for the companies involved, so they have an incentive to boost security as it is.
The framework is made of three parts:
- Core. A set of common activities that should be used in all programs, providing a high-level view of risk management.
- Profiles. These help each organization align cybersecurity activities with its own business requirements, and to evaluate current risk management activities and prioritize improvements.
- Tiers. Tiers allow users to evaluate cybersecurity implementations and manage risk. Four tiers describe the rigor of risk management and how closely it is aligned with business requirements.
Proponents of this type of framework have already begun to criticize the White House’s guidelines for not being strong enough and not acting upon all of the recommendations that security experts have been offering up in recent months.
Summary: The White House has released the first iteration of a set of guidelines meant to provide a list of best practices for the IT industry. President Obama hopes that these guidelines will be valuable in fighting back against the recent surge in cyberattacks.
Image Credit: streetsblog