White House sets out voluntary cybersecurity framework

White House sets out voluntary cybersecurity framework

The White House has published a set of voluntary cybersecurity guidelines for critical infrastructure providers such as banks.

Last February, President Obama signed the 'improving critical infrastructure cybersecurity' order ahead of his State of the Union address.

After a year of consultation, a framework for banks, utilities, transportation providers and others has now been put together by the Department of Commerce's National Institute of Standards and Technology (Nist).

The framework promises to gather existing global standards and practices to help firms "understand, communicate, and manage their cyber risks" and also offers guidance on "privacy and civil liberties considerations", a hot topic in the wake of the Edward Snowden revelations.

The financial services industry has seen a number of high-profile attacks over the last few years from political groups such as Anonymous, as well as old fashioned cyber crooks. Industry players, including the DTCC, Sifma and Independent Community Bankers of America's lined up to welcome the new framework.

Says Mark Clancy, chief information security officer, DTCC: "The financial services industry clearly recognizes the broader systemic risks that could result from a cyber attack and the implementation of the Cybersecurity Framework is an important step in mitigating this for the vital infrastructures across all sectors."

However, not everyone is happy with the voluntary nature of the framework. Republicans filibustered an earlier bill in 2012 which would have set binding minimum security standards.

Speaking yesterday, the president made clear that he wants further action, saying: "While I believe today's Framework marks a turning point, it's clear that much more work needs to be done to enhance our cybersecurity...I again urge Congress to move forward on cybersecurity legislation that both protects our nation and our privacy and civil liberties."

Read the full framework

Comments: (0)