On October 29, 2013, the National Institute of Standards and Technology (NIST) announced a 45-day public comment period on the release of its preliminary Cybersecurity Framework, which was developed in response to President Barack Obama’s Cybersecurity Executive Order 13636 published in February 2013. Stakeholders have until December 13 to submit their comments to NIST, and the final framework is expected to be published in February 2014, according to the deadlines established in the Executive Order.
The framework was developed in collaboration with industry to give organizations guidance on managing cybersecurity risk. According to the draft document, a key objective of the framework is to encourage organizations to treat cybersecurity risk as a priority similar to financial, safety, and operational risk, while factoring in the larger systemic risks inherent to critical infrastructure. To view the draft framework, visit this link.
After the final framework is released, the White House plans to create a voluntary program to help encourage critical infrastructure companies to adopt it. This includes developing incentives for companies to join the program. Incentives under consideration include promoting the development of cybersecurity insurance, leveraging federal grant programs, prioritizing technical assistance, reducing tort liability, providing regulatory relief and public recognition, and emphasizing research and development.