Skip Navigation

Close and don't show again.

Your browser is out of date.

You may not get the full experience here on National Journal.

Please upgrade your browser to any of the following supported browsers:

This Is How Obama Wants Companies to Protect Themselves From Cyberattacks This Is How Obama Wants Companies to Protect Themselves From Cyberatta...

This ad will end in seconds
 
Close X

Not a member? Learn More »

Forget Your Password?

Don't have an account? Register »

Reveal Navigation
 

 

Tech

This Is How Obama Wants Companies to Protect Themselves From Cyberattacks

A first glimpse of the voluntary standards that will take effect in October.

(hdaniel/Flickr)

photo of Brian Fung
July 3, 2013

Even as the saga of Edward Snowden continues, the threat to U.S. systems posed by foreign hackers hasn't abated. Private- and public-sector officials have been working quietly behind the scenes to craft a set of guidelines to address the danger, but so far there's been no product to speak of.

Until now. The National Institute of Standards and Technology on Wednesday released a draft of its new cybersecurity playbook that teaches businesses how to defend themselves from hackers. This is the first time we've had a chance to assess President Obama's efforts at crafting a national cybersecurity policy since he signed an executive order on the issue in February. 

The draft guide presents companies with a rubric of sorts to score themselves. Companies will be asked to evaluate their security along five "functions": know, prevent,  detect, respond, and recover. Think of each function as a layer of defense—you can't prevent attacks, for instance, until you know what assets you've got and what your vulnerabilities are. And you can't effectively respond to a cyberattack unless you have the capability to detect one.

 

Within each function is a set of concrete, actionable goals. "Prevent" recommends that businesses use training programs—without mandating what kind—designed to acclimate employees to threats such as phishing e-mails. Some companies do this sort of thing already; for more help, the goals themselves are broken down into pieces that existing NIST standards already address. That way, no new rules have to be written—the cybersecurity regime will wind up being mostly a fresh blend of old ideas that are already on the books.

The other key part of the system appears to be an executive-level rubric that singles out important people within a company responsible for its cybersecurity. It then gives a "good, better, best" table that looks like this:

 

(NIST)

It's important to remember that this is only a draft—huge swaths of the document remain blank. 

"We're using this as an opportunity to say to the private sector, 'Is this what you had in mind? Are we on track?' " said NIST spokesperson Jennifer Huergo. "We're really focused on putting the meat into this."

A complete draft—which the public will also have a chance to comment on before it's finalized—is expected to be unveiled this October. 

LIKE THIS STORY? Sign up for Tech Edge

Sign up for our daily newsletter and stay on top of tech coverage.

Sign up form for Tech Edge
Job Board
Search Jobs
Digital and Content Manager, E4C
American Society of Civil Engineers | New York, NY
PRODUCT REVIEW ENGINEER
American Society of Civil Engineers | CA
Neighborhood Traffic Safety Services Intern
American Society of Civil Engineers | Bellevue, WA
United Technologies Research Fellow
American Society of Civil Engineers | New York, NY
Process Engineering Co-op
American Society of Civil Engineers | Conshohocken, PA
Electrical Engineer Co-op
American Society of Civil Engineers | Findlay, OH
Application Engineer/Developer INTERN - Complex Fluids
American Society of Civil Engineers | Brisbane, CA
Application Engineer - Internships CAE/CFD Metro Detroit
American Society of Civil Engineers | Livonia, MI
Chief Geoscientist
American Society of Civil Engineers
Application Engineer - Internships CAE/CFD Metro Boston
American Society of Civil Engineers | Burlington, MA
Professional Development Program Engineer
American Society of Civil Engineers | Farmington Hills, MI
Civil Enginering Intern - Water/Wastewater/Site-Development
American Society of Civil Engineers | Sacramento, CA
Staff Accountant
American Society of Civil Engineers | Englewood, CO
Biomedical Service Internship Position
American Society of Civil Engineers | Flint, MI
 
Comments
comments powered by Disqus