Software industry group welcomes US cyber security framework

BSA, The Software Alliance has welcomed the launch of the US Framework for Improving Critical Infrastructure Cybersecurity.

Software industry advocacy group BSA, The Software Alliance has welcomed the launch of the US Framework for Improving Critical Infrastructure Cybersecurity.

The US National Institute of Standards and Technology (Nist) drew up the framework with input from 3,000 industry and academic experts in response to an executive order by President Barack Obama.

As in the UK, a large proportion of the organisations responsible for critical national infrastructure in the US, such as electrical power and water supplies, are private sector companies.

The executive order was issued in February 2013 after months of debate in Congress failed to get cyber security legislation in place.

The executive order called for a framework that provides a “prioritised, flexible, repeatable, performance-based, and cost-effective approach” for assisting organisations responsible for critical infrastructure services to manage cyber security risk.

The framework outlines how companies can identify and protect network assets and detect, respond to and recover from cyber attacks and data breaches.

The official launch follows the publication of a draft framework in October 2013 and a 45-day period in which stakeholders were invited to give feedback.

Some private US companies have expressed fears that the voluntary framework will create new liabilities, but the BSA said it will have a positive effect.

“This framework creates the conditions for a productive public-private partnership that will bolster cyber security while promoting innovation,” said Tim Molino, BSA government relations director.

“Nist has solicited input from industry and other public stakeholders to ensure the framework leverages and promotes best practices on a voluntary basis,” he said.

According to BSA, this approach acknowledges there are no silver bullet solutions to enhance cyber security.

“What we need instead is an ongoing process of innovation and adaptation to counter the evolving threat environment. It is a long journey, but we’re heading in the right direction,” said Molino.
