Cyberspace has quickly worked its way into almost every facet of human life, from everyday social interaction to areas like economics and politics. As technology continues to evolve so rapidly, it is difficult for tech-users, IT professionals and lawmakers to keep up with the changes. Unfortunately, cyber criminals can take advantage of changing technology to infiltrate vulnerable accounts and commit cyber crimes.
In order to maintain America’s national and economic security, it is necessary to protect our critical infrastructure from cyber threats. President Obama, under an executive order to protect against cyber attacks, directed the National Institute of Standards and Technology (NIST) to develop a protective voluntary framework to reduce security threats directed towards America’s critical infrastructure. NIST developed the framework in a public-private partnership with companies, non-profits and government agencies.
The framework provides standards, guidelines and best practices for infrastructure protection. Its inexpensive and flexible approach will allow those who own and operate critical infrastructure to address vulnerabilities while protecting privacy, business confidentiality and civil liberties. Anyone within an organization, from senior executives to IT staff, may use it.
The National Cyber Security Framework Manual contains information to help users understand the many components of national cybersecurity. The manual explains the perspectives on national security from each of the four levels of government: political, operational, strategic and tactical/technical. Each level has a unique stance on national security.
An introductory section of the manual describes how cybersecurity can be managed within an organization’s overall business plans. This helps employees understand cybersecurity and see how their organization measures up against current security standards. After determining their business’ strengths and weaknesses, executives can be better able to implement security strategies.
The second section, Political Aims, addresses the growing role of national cybersecurity in security policy formation. Section three, Strategic Goals, considers the key elements of cybersecurity within national security. This section discusses offensive and defensive cybersecurity strategies, the key players in these activities, and the tensions that may arise among stakeholder groups. This section is written from the perspective of developing goals to promote national security.
Section four, Organizational Considerations, discusses the “Five Mandates,” or interpretations, of national cybersecurity. Each interpretation has a unique set of requirements that link them all together. Three cross-mandates of the interpretations are also discussed. This section also discusses the incident management model and the importance of collaboration among international organizations as a means to promote national security.
The five primary functions of a business approach to cybersecurity are: Know, Prevent, Detect, Respond and Recover. Each of these is broken down into subcategories. The categories under Prevent, for example, include identity and access management, training and awareness, and physical security.
The fifth section of the manual discusses Commitments, Mechanisms, and Governance, and explores the legal and governmental implications of operational national cybersecurity. Relevant national agreements already in regulation are discussed with emphasis placed on their viewpoint on security.
The final section, the culmination of the framework’s core, summarizes the previous points and addresses the need for cybersecurity in both developed and developing countries.