facebook
twitter
rss
account
search
search
 

Obama unveils 'how-to guide' to protect infrastructure

Feb. 12, 2014 at 1:43 PM   |   Comments

WASHINGTON, Feb. 12 (UPI) -- U.S. President Obama Wednesday unveiled a "voluntary how-to guide for organizations in the critical infrastructure community to enhance their cybersecurity."

"Today the Obama administration is announcing the launch of the Cybersecurity Framework, which is the result of a yearlong private-sector-led effort to develop a voluntary how-to guide for organizations in the critical infrastructure community to enhance their cybersecurity," a White House statement said.

In a separate statement, Obama said, "Cyberthreats pose one of the gravest national security dangers that the United States faces. To better defend our nation against this systemic challenge, one year ago I signed an executive order directing the administration to take steps to improve information sharing with the private sector, raise the level of cybersecurity across our critical infrastructure, and enhance privacy and civil liberties.

"Since then, the National Institute of Standards and Technology has worked with the private sector to develop a Cybersecurity Framework that highlights best practices and globally recognized standards so that companies across our economy can better manage cyber risk to our critical infrastructure."

The president urged "Congress to move forward on cybersecurity legislation that both protects our nation and our privacy and civil liberties. Meanwhile, my administration will continue to take action, under existing authorities, to protect our nation from this threat."

The White House statement identified three framework components -- the framework core, profiles and tiers:

-- "The framework core is a set of cybersecurity activities and informative references that are common across critical infrastructure sectors. The cybersecurity activities are grouped by five functions -- identify, protect, detect, respond, recover -- that provide a high-level view of an organization's management of cyberrisks.

-- "The profiles can help organizations align their cybersecurity activities with business requirements, risk tolerances and resources. Companies can use the profiles to understand their current cybersecurity state, support prioritization and to measure progress towards a target state.

-- "The tiers provide a mechanism for organizations to view their approach and processes for managing cyberrisk. The tiers range from partial [Tier 1] to adaptive [Tier 4] and describe an increasing degree of rigor in risk management practices, the extent to which cybersecurity risk management is informed by business needs and its integration into an organization's overall risk management practices."

Topics: Barack Obama
© 2014 United Press International, Inc. All Rights Reserved. Any reproduction, republication, redistribution and/or modification of any UPI content is expressly prohibited without UPI's prior written consent.
Recommended UPI Stories
Featured UPI Collection
trending
Celebrity Couples of 2014 [PHOTOS]

Celebrity Couples of 2014 [PHOTOS]

Most Popular
1
Ukraine warns of "full-scale war"
2
Oregon girl dies at beach after sand pit collapse
3
Israel claims West Bank acreage for development
4
Germany to send arms to Kurds
5
Malaysia Airlines cuts fares after disasters
Trending News
Video
x
Feedback