White House unveils Cybersecurity Framework

White House unveils Cybersecurity Framework

Summary: The Framework is described to be "a voluntary how-to guide for organizations in the critical infrastructure community to enhance their cybersecurity."


The White House recently looked to the private sector (especially Silicon Valley) for help repairing Healthcare.gov, and now the Obama administration doing so again to step up cybersecurity.

A year in the making since the 2013 State of the Union as the result of an Executive Order last February, the Executive Branch has introduced the Cybersecurity Framework, described to be "a voluntary how-to guide for organizations in the critical infrastructure community to enhance their cybersecurity."

The best practices and guidelines within the Framework are structured around three primary components: the Framework Core, Profiles, and Tiers -- each said to also include advice in balancing these regulations with privacy concerns.

In a statement on Wednesday, President Obama explained further that the National Institute of Standards and Technology "has worked with the private sector to develop a Cybersecurity Framework that highlights best practices and globally recognized standards so that companies across our economy can better manage cyber risk to our critical infrastructure."

The White House stressed that abiding by the Framework is voluntary, but added that the Department of Homeland Security will be tasked with boosting awareness for the program as well as brainstorming potential incentives.

The Framework gathers existing global standards and practices to help organizations understand, communicate, and manage their cyber risks. For organizations that don’t know where to start, the Framework provides a road map. For organizations with more advanced cybersecurity, the Framework offers a way to better communicate with their CEOs and with suppliers about management of cyber risks. Organizations outside the United States may also wish use the Framework to support their own cybersecurity efforts.

The first version of the Framework for Improving Critical Infrastructure Cybersecurity is available online now.

Topics: Government US, Big Data, Data Management, Legal, Privacy

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Is this too much?

    Thank you for posting this article. I am an undergraduate student with Drury University and am studying ethics in communication. After reading it I am curious if the Government is reaching too far into the private sector. I can totally understand if this is something that is being pushed to other government agencies, but not to the private sector. In the article you stated that voluntary. A White House official was quotes saying, "The goal is not to expand regulation." (Jackson, 2014) From what I read in Jackson's article the goal is not to own this cyber security infrastructure. Is this crossing the line between public and private sector? I know that it seems that people want to the GOV to take care of them, but with the fact that they may have been tracking people, does this seem too much? My hope is that this will be allowed to grow on its own and not be ran by the government. To me this is an excellent way to ensure everyone can be safe and increase the use of technology at the same time.

    I think this is a move in the right direction.

    John C. W.
    Undergraduate Student
    Drury University
    John C. W.
    • Reference

      Forgot to post the reference.

      John C. W.