The nation’s economy depends on reliably functioning technology infrastructure. To strengthen the resilience of this infrastructure, President Obama issued Executive Order (EO) 13636 in 2013, which initiated the development of a voluntary cybersecurity framework. This framework is neatly tucked under the U.S. Department of Commerce in an industry library called the National Institute of Standards and Technology (NIST). Information about NIST is available at www.nist.gov.

NIST helps industries across the nation define standards and best practices, and cybersecurity is one of the topics it covers. Because pressures from external and internal threats are increasing, organizations responsible for critical infrastructure need a consistent and iterative approach to identifying, assessing, and managing cybersecurity risk. This cybersecurity framework sets forth standards, methodologies, and best practices focused on security and privacy to address current and future technology and information security challenges.

President Obama’s executive order focuses on “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

The NIST cybersecurity framework provides a “prioritized, flexible, repeatable, performance-based, and cost-effective approach” to manage cybersecurity risk. It provides guidance to organizations about how to manage cybersecurity risk by scrutinizing the processes, information, and systems directly involved in the delivery of critical infrastructure services.

And that is the birth of the NIST cybersecurity framework (www.nist.gov/cybersecurity).