Software industry advocacy group BSA, The Software Alliance has welcomed the launch of the US Framework for Improving Critical Infrastructure Cybersecurity.
Like the UK, a large proportion of organisations responsible for critical national infrastructure, such as electrical power and water supplies, are private sector companies.
The executive order was issued in February 2013 after months of debate in congress failed to get cyber security legislation in place.
The executive order called for a framework that provides a “prioritised, flexible, repeatable, performance-based, and cost-effective approach” for assisting organisations responsible for critical infrastructure services to manage cyber security risk.
More on critical infrastructure
- UK must legislate on critical cyber security, says ViaSat
- US researchers find 25 security vulnerabilities in SCADA systems
- Critical infrastructure providers are less engaged with government cyber protection
- Government to monitor companies supporting critical national infrastructure
- Is UK critical national infrastructure properly protected?
- Cyber security study reveals mismatch between awareness and preparedness
- Critical infrastructure security in dire need for standards
The framework outlines how companies can identify and protect network assets and detect, respond to and recover from cyber attacks and data breaches.
The official launch follows the publication of a draft framework in October 2013 and a 45-day period in which stakeholders were invited to give feedback.
Some private US companies have expressed fears that the voluntary framework will create new liabilities, but the BSA said it will have a positive effect.
“This framework creates the conditions for a productive public-private partnership that will bolster cyber security while promoting innovation,” said Tim Molino, BSA government relations director.
“Nist has solicited input from industry and other public stakeholders to ensure the framework leverages and promotes best practices on a voluntary basis,” he said.
According to BSA, this approach acknowledges there are no silver bullet solutions to enhance cyber security.
“What we need instead is an ongoing process of innovation and adaptation to counter the evolving threat environment. It is a long journey, but we’re heading in the right direction,” said Molino.