What they're saying about the cybersecurity framework

Thursday - 2/13/2014, 8:51am EST

The National Institute of Standards and Technology and the Homeland Security Department released the document, which focuses on risk management and flexibility to help the nation's critical infrastructure providers and other businesses improve their cybersecurity.

Government officials, associations and companies are offering insight and comments on version 1 of the Framework for Improving Critical Infrastructure Cybersecurity.

President Barack Obama:

"While I believe today's framework marks a turning point, it's clear that much more work needs to be done to enhance our cybersecurity. America's economic prosperity, national security, and our individual liberties depend on our commitment to securing cyberspace and maintaining an open, interoperable, secure, and reliable Internet. Our critical infrastructure continues to be at risk from threats in cyberspace, and our economy is harmed by the theft of our intellectual property. Although the threats are serious and they constantly evolve, I believe that if we address them effectively, we can ensure that the Internet remains an engine for economic growth and a platform for the free exchange of ideas.

I again urge Congress to move forward on cybersecurity legislation that both protects our nation and our privacy and civil liberties. Meanwhile, my Administration will continue to take action, under existing authorities, to protect our nation from this threat."

Sen. Tom Carper (D-Del.), the chairman of the Homeland Security and Governmental Affairs Committee:

"Thanks to these efforts, companies now have a common, but flexible path forward to better secure their systems and also a meaningful way to measure their progress. We must now focus like a laser on ensuring widespread implementation of the framework in order to effectively protect our national and economic security. To that end, I encourage industry to continue to be good partners in this effort and implement the framework they created. Although the release of this framework is an important step in our ongoing efforts to improve cybersecurity, I still believe that legislation is necessary to address this ever growing threat. I will continue to work with my colleagues on this important issue to ensure that Congress steps up to the plate and does its job to help protect our nation's critical systems."

Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), chairman and ranking member of the Select Committee on Intelligence:

"We are still studying the final version of the National Institute of Standards and Technology's Cybersecurity Framework, but they are certainly to be commended for the collaborative, voluntary process they used to build it. However, as the President indicated in his statement, this framework addresses only part of the security challenges. Passing effective cyber threat information sharing legislation is essential to helping American companies cope with the relentless cyber attacks that they face every day from nation-states like China."

Cyrus Amir-Mokri, the assistant secretary for financial institutions at the Department of the Treasury:

"The framework enables firms of all sizes to use benchmarks to guide cybersecurity activities and consider cyber risks as part of the organization's overall risk management processes. Over the past year, Treasury, as the sector specific agency for the financial services sector, has worked closely with the industry, independent financial regulators, and other government partners to provide input and shape the framework. For larger firms with already robust cyber risk management, this framework can serve to highlight specific best practices and standards that might be used. These organizations may also use the framework to evaluate the cybersecurity of clients and customers. Smaller institutions may use the framework to better understand their risk profile and establish protocols for ensuring proper controls are in place to meet that profile."

Renee James, president of Intel:

"Improving cybersecurity in ways that promote innovation and protect citizens' privacy is the only way to preserve the promise of the Internet as a driver of global economic development and social interaction. Intel applauds the Administration and the National Institute of Standards and Technology for constructing the cybersecurity framework hand-in-hand with industry and other stakeholders, building a model of a voluntary, risk-based tool that can be utilized by a broad array of organizations."

Larry Clinton, president of the Internet Security Alliance:

"The most important element of the effort so far is that we have moved away from trying to impose a government centric set of mandates on industry and instead are attempting to create a program based on industry developed standards and practices where voluntary adoption is motivated by market incentives. This is the most pragmatic path to achieving cyber security because each critical infrastructure system is different and the technology and attack vectors change too quickly for a set of government regulations to keep pace."