As we are all aware, cyber breaches of our critical infrastructure by malicious actors - criminal and/or nation-sponsored - could lead to significant damage and disruption to our national economy. The national conversation around cyber incidents, which included work from the Obama administration, hearings and other efforts in Congress, led to President Obama’s Executive Order (EO 13636) that established the path forward to increase the cybersecurity of our nation’s critical infrastructure, including the development of the Cybersecurity Framework (CSF).
The CSF is a great start for critical infrastructure entities, or other organizations, that want to develop or accelerate an effective cyber defense and resilience capability. It presents a model that helps to identify, assess and reduce critical business risk, and it also promotes a measured approach that organizations can follow to determine exactly what their cybersecurity posture is and to create a roadmap to address prioritized risk areas. These efforts can be led through internal capabilities or through third-party assessments.
One way to get started is through engagement with CFORUM, which provides access to a thoughtful community that can assist in answering questions and sharing best practices and ideas. While the information security leaders in the CFORUM have an enriching and wide diversity of backgrounds and industries, they share a common purpose: securing the American economy from serious cyber risks. I encourage you to join and take advantage of it.
While supported and incubated by the public sector, a fundamental aspect of the vision behind the EO and CSF was to establish a living Framework that is private-sector led. In my next post, I’ll outline how a confluence of factors in the private sector (from insurance, to contracts, to supply-chain management, and more) is contributing to making this voluntary framework a de facto required one.