One year ago, President Obama issued an Executive Order on cybersecurity tasking the National Institute of Standards and Technology (NIST) to coordinate meetings with the private sector and produce a cybersecurity “framework” for owners and operators of critical infrastructure. The final version of that framework was released today after much input by all segments of manufacturing.
NIST held a series of workshops around the country and solicited feedback from the private sector on how best the government can partner with owners and operators of critical infrastructure to create this framework. They sought input on technology, standards, and implementation among other issues. The result is a 40+ page document that includes recommended activities and best practices to help secure networks and data in critical infrastructure sectors. The framework also provides “profiles” and “tiers” aimed at assisting organizations benchmark their current cybersecurity practices.
This framework and the related policy debate matter to all manufacturers because we are the owners, operators, and builders of critical infrastructure. Because of this all NAM members take cybersecurity very seriously and they welcomed the opportunity to work with the Administration on this important effort. Manufacturers understand that our economic security is linked directly to our cybersecurity. As the President rightly said in his statement issued today on the framework, “our economy is harmed by the theft of our intellectual property”. This is the reason that manufacturers go to great lengths to secure their enterprise and we were pleased to see many of our current best practices included in the framework.
As manufacturers and policymakers examine the framework, the NAM continues to stress that it must remain voluntary. Any attempt to turn these guidelines into mandatory regulations will have the opposite effect of enhancing cybersecurity. As the NAM has said numerous times to the Administration and Congress, the best way to increase cybersecurity of our critical infrastructure is to pass legislation that allows for the sharing of information between the public and private sector without the threat of liability for doing so.
The NAM looks forward to continuing our work with the Administration and Capitol Hill on this top priority for manufacturers.