The President of the United States has charged the Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST), and the Department of Commerce (DOC) with creating a cross-sector cybersecurity framework.

The Special Assistant to the President for cyber security degree in San Antonio opened a panel discussion about Presidential Executive Order 13636 on Wednesday, April 3, 2013 in Washington, D.C. The panel’s goal was to outline the procedure to be used in creating a national standard.

A previous bill that attempted to implement the Executive Order’s requirements was defeated by Congress.

The meeting’s attendees were given an explanation of the responsible federal authorities’ overall strategy. The effort will result in a cybersecurity framework that can be used by the nation’s crucial national infrastructure (as defined by Presidential Decision Directive 63). The framework’s objective is to safeguard cyber-based resources that are essential to American economic and national security in the “new normal” for business, industry, and the public sector.

The private sector owns 85% of the nation’s most important infrastructure. There could be significant effects on business and industry. The insights given below should be interesting from a variety of angles.

• The Executive Branch of the federal government now views cybersecurity as crucial.
• Our vital national infrastructure is subject to an asymmetrical threat environment that is becoming more severe and complicated.
• The framework for cybersecurity must put a special emphasis on locating risks to the vital national infrastructure at all levels.
• A collaborative and risk-based approach is being established for cybersecurity.
• The concept of risk-based management shall be emphasized in the cybersecurity framework.
• Information sharing and analysis centers that span sectors must be used to improve situational awareness.
• Compatible and recognized international information security standards will be used.
• Civil rights and privacy considerations must be taken into account.
• Both public and private entities must recognize and manage risks.
• The cybersecurity framework that is implemented must include strong staff knowledge.
• A precise and unambiguous legal framework must be present in the cybersecurity framework.
• It is necessary to understand how control systems work and why they need to be safeguarded.
• The foundation for cybersecurity that emerges must be verifiable, repeatable, and measurable.
• The panelists who participated in the discussion agreed that “voluntary compliance” is essential for the new cybersecurity framework to succeed.

Major business figures support the creation of the new security framework. Senior representatives from Visa, Microsoft, Merk, Northrup Grumman, IBM, SANs, ANSI, and other well-known organizations participated on the panel.

All interested parties should keep an eye on how the computer security standards are being developed. Whatever the final cybersecurity framework product is, there are probably going to be valid worries.

The federal government will set regulations for the processing and security of private sector data through “voluntary compliance.” What does “voluntary compliance” mean? How will this function? To check whether a supplier or provider is adhering to the framework, one approach can involve auditing the firm. The company can lose its ability to work as a supplier for the federal government if it hasn’t complied with the requirements yet. There are countless options.

There are valid reasons to be concerned about how government organizations now regulate and make use of our meta data. The newly developed cybersecurity architecture does little to allay these concerns.