Software industry advocacy group BSA, The Software Alliance has welcomed the launch of the US Framework for Improving Critical Infrastructure Cybersecurity.
The US National Institute of Standards and Technology (Nist) drew up the framework with input from 3,000 industry and academic experts in response to an executive order by President Barack Obama.
The executive order called for a framework that provides a “prioritised, flexible, repeatable, performance-based, and cost-effective approach” for assisting organisations responsible for critical infrastructure services to manage cyber security risk.
The official launch follows the publication of a draft framework in October 2013 and a 45-day period in which stakeholders were invited to give feedback.The framework outlines how companies can identify and protect network assets and detect, respond to and recover from cyber attacks and data breaches.
Some private US companies have expressed fears that the voluntary framework will create new liabilities, but the BSA said it will have a positive effect.
“This framework creates the conditions for a productive public-private partnership that will bolster cyber security while promoting innovation,” said Tim Molino, BSA government relations director.
“Nist has solicited input from industry and other public stakeholders to ensure the framework leverages and promotes best practices on a voluntary basis,” he said.
According to BSA, this approach acknowledges there are no silver bullet solutions to enhance cyber security.
“What we need instead is an ongoing process of innovation and adaptation to counter the evolving threat environment. It is a long journey, but we’re heading in the right direction,” said Molino.