
News

In an article on February 13, 2014, eWEEK quoted Venable partner and retired Navy Rear Admiral Jamie Barnett on the Cybersecurity Framework just issued this week by the Obama administration. The framework comes a year after President Obama announced Executive Order 13636, which called for improving cybersecurity for critical infrastructure. Pieced together by the National Institute of Standards and Technology in concert with industry groups, the framework outlines best practices and assessment tools for critical infrastructure operators to protect against cyber attacks.

Barnett said the Cybersecurity Framework is an achievement of government-initiated, industry-led collaboration with promise for improving cybersecurity. It is important to remember the reason Executive Order 13636 was issued: comprehensive legislation to address cybersecurity was not advancing or even proposed.

While the new framework is an advancement, it also has some limits. No mechanism exists for measuring whether companies are adopting the framework or how well they are implementing it, other than self-assessment. “The incentives for adoption may not be enough, and legislation would be required for really meaningful incentives,” he said. Without assessment tools and incentives, it will not be easy to know whether the Cybersecurity Framework is working. “The framework is not a standard and, in fact, references numerous other standards, allowing each critical infrastructure entity to choose those standards most appropriate to its situation,” he said.