Cyber handbook provides critical link between DHS, industry

Tuesday - 7/29/2014, 2:08pm EDT

With cyber hackers targeting everything from Office of Personnel Management networks to Target shoppers' credit cards, the public and private sectors must work together to secure the nation's critical infrastructure.

The National Association of Corporate Directors' (NACD) Handbook on Cyber-Risk Oversight, introduced Tuesday at the National Press Club in Washington, outlines five key principles that aim to move forward the collaborative cybersecurity effort.

"We've actually moved beyond our first goal, which was cybersecurity awareness," said Larry Clinton, president and CEO of the Internet Security Alliance and preparer of the handbook. "We've now moved into the harder issues, which is actually understanding the problem, and then pragmatically working to solve it."

Cohesive efforts for a common cause

The handbook is the first private sector resource to be featured on US-CERT's "Getting Started for Business" website, as part of the Critical Infrastructure Cyber Community (C3) Voluntary Program. The voluntary program encourages adoption of principles and guidelines outlined in the National Institute of Standards and Technology (NIST) Framework.

"One of our goals is to make sure that when [cyber] awareness is raised, that we're there with the resources to help companies," said Dr. Andrew Ozment, assistant secretary in the Office of Cybersecurity and Communications at the Homeland Security Department.

The handbook builds on the NIST Framework, providing recommendations on how industry can secure its networks. The principles guide businesses on how to use emerging technologies, such as social media, cloud computing and bring your own device (BYOD), while still protecting against threats.

Clinton said he is "delighted" that DHS included the handbook in its voluntary program, as it will provide a critical link between the public and private sectors.

"We think the government contribution is going to substantially extend the reach of the substantive improvements we think we're making," Clinton said. "Now we have enterprise risk management, corporate government, cyber expertise and the government all pulling together in a coherent fashion on what we think is truly a united common cause."

Ken Daly, president and CEO of NACD, echoed Clinton's sentiments.

"We have a very organized, very knowledgeable, very deliberate organization helping us get the word out," Daly said.

Cyber legislation pushes forward

Cybersecurity concerns have sparked action not only within government and industry but also on Capitol Hill.

On Monday, the House passed the Homeland Security Cybersecurity Boots-on-the-Ground Act, which develops a strategy for addressing gaps in DHS' cyber workforce.

"This is a national scale problem, and it's going to require efforts from every part of our nation," Ozment said. "Everybody's got to be a part of making cybersecurity an understood and managed national-level risk."
