Tech Industry Praises Cybersecurity Framework From White House
Leaders of the tech sector laud the Obama administration's rollout of voluntary cybersecurity guidelines, but broader private-sector adoption could remain a challenge.
Tue, February 18, 2014
CIO — Members of the tech industry heralded the White House's announcement of a set of voluntary guidelines for businesses to improve their cybersecurity posture, suggesting that the document could spur private-sector operators of critical infrastructure to prioritize the issue within their firms.
The administration's cybersecurity framework offers a far-ranging template for businesses in various sectors of the economy, including core functions such as threat identification and response, assessment tools and guidance for aligning security with a company's business objectives.
The blueprint grew out of an executive order on cybersecurity that President Barack Obama issued last February and came as a welcome step forward for members of the tech community who have been advocating for the government to do more to encourage the private sector to improve its digital defenses.
"We believe they produced something that's very positive, that actually is a good framework for looking at cybersecurity," says Tim Molino, director of government relations at BSA, a trade group representing software and hardware companies.
'Flexible' Framework Offers Broad Guidelines
The extent to which businesses will incorporate the voluntary framework into their internal cybersecurity operations remains to be seen, but some industry officials praise the administration for avoiding technical prescriptions and instead producing broader guidelines that can be tailored to fit organizations across the 16 sectors of the economy that the government has designated as critical infrastructure.
"The framework is an inherently flexible, adaptable document, and because of that we believe that just about any organization can benefit from it — no matter its size or level of sophistication," says Jeff Greene, senior policy counsel at the security software vendor Symantec. "We are using it internally, and we think it likely that it will be a part of many organizations' overall security program in the coming years."
The government is actively encouraging businesses to adopt the framework. The Department of Homeland Security leads that effort and has set up the Critical Infrastructure Cyber Community (C3) Voluntary Program to support it. Through that program, DHS offers companies resources and support staff to help implement the framework. The department says it's committed to forging stronger partnerships with private-sector firms and will support efforts to develop industry-specific guidance where appropriate.