U.S: Infrastructure Cybersecurity Framework Unveiled


The Obama Administration has announced the release of the Cybersecurity Framework, the result of a year-long effort to develop a voluntary guide for critical infrastructure organizations to strengthen cybersecurity.


According to Government Security News, the Framework is meant to create a broad set of cybersecurity standards, strengthening the security and resiliency of critical infrastructure through public-private cooperation. It is one result of a Presidential directive signed last February, “Improving Critical Infrastructure Cybersecurity”.

The Framework gathers existing global standards and practices to help organizations understand, communicate, and manage their cyber risks, according to a White House statement. “For organizations that don’t know where to start, the Framework provides a road map. For organizations with more advanced cybersecurity, the Framework offers a way to better communicate with their CEOs and with suppliers about management of cyber risks.”

It also offers a methodology to help organizations incorporate privacy and civil liberties protections into a comprehensive cybersecurity program. Organizations outside the United States may also wish to use the Framework to support cybersecurity efforts, it said.

iHLS – Israel Homeland Security

The three main elements in the Framework are the core, tiers, and profiles. The core presents five functions — identify, protect, detect, respond, and recover — that, taken together, allow organizations to understand and shape their cybersecurity program.

The tiers describe the degree to which an organization’s cybersecurity risk management meets goals set out in the Framework; they range from informal, reactive responses to agile and risk-informed. The profiles help organizations progress from a current level of cybersecurity sophistication to an improved state that meets business needs.

Though the adoption of the Framework is voluntary, the DHS has also established a Critical Infrastructure Cyber Community Voluntary Program as a public-private partnership to increase awareness and use of the Framework. The DHS’s program will connect companies and federal, state, local, tribal, and territorial partners to DHS and other federal government programs and resources to help manage cyber risks.