A unique, public-private partnership effort now turns to the plan’s implementation
The official rollout of the US Cybersecurity Framework, recognized this past Wednesday in an announcement delivered by President Barack Obama, represents the completion of a successful partnership effort among The White House, the Automation Federation and its founding organization, the International Society of Automation (ISA). Now, the second phase of the partnership—working together to implement the framework—begins.
The US Cybersecurity Framework, the result of a year-long initiative to develop a voluntary how-to guide for American industry and operators of critical infrastructure to strengthen their cyber defenses, is a key deliverable from the Executive Order on “Improving Critical Infrastructure Cybersecurity” that President Obama announced in his 2013 State of the Union address.
During the past year, representatives of the Automation Federation and the International Society of Automation (ISA) have been assisting the US government—at the White House’s request—in developing and refining a draft of the US Cybersecurity Framework. Both organisations were sought out as essential government advisors given their expertise in developing and advocating for industrial automation and control system (IACS) security standards. The ANSI/ISA99 Industrial Automation and Control Systems Security standards (known internationally as ISA99/IEC 62443) are recognized globally for their comprehensive, all-inclusive approach to IACS security.
ISA’s IACS security standards are among the framework’s recommendations because they’re designed to prevent and mitigate potentially devastating cyber damage to industrial plant systems and networks—commonly used in transportation grids, power plants, water treatment facilities, and other vital industrial settings. Without these defenses in place, an industrial cyberattack can result in plant shutdown, operational and equipment impairment, severe economic and environmental damage, and public endangerment.
A significant step forward in protection
President Obama, in his statement released last Wednesday in Washington, DC, said that “cyber threats pose one of the gravest national security dangers that the United States faces. I am pleased to receive the Cybersecurity Framework, which reflects the good work of hundreds of companies, multiple federal agencies and contributors from around the world.”
The 41-page framework takes a risk-management approach that allows organizations to adapt to “a changing cybersecurity landscape and responds to evolving and sophisticated threats in a timely manner,” according to the document.
Though the adoption of the framework is voluntary, the Department of Homeland Security (DHS) has established the Critical Infrastructure Cyber Community (C3) Voluntary Program to increase awareness and use of the Cybersecurity Framework. The C3 Voluntary Program will connect companies, as well as federal, state and local partners, to DHS and other federal government programs and resources that will assist their efforts in managing their cyber risks. Participants will be able to share lessons learned, receive guidance and learn about free tools and resources.
Attending the Wednesday launch event in the nation’s capital was a contingent of Automation Federation officials, including Michael Marlowe, Automation Federation Managing Director and Director of Government Relations; Terry Ives, 2014 Chair of the Automation Federation; and Leo Staples, a past Chair of the Automation Federation who serves as leader of the Automation Federation’s Cybersecurity Framework team.
“Given that the risk of cyberattacks targeted to industrial automation and control systems across all industry sectors continues to grow, it’s important that the Automation Federation and ISA have been actively involved in the development of this national cybersecurity initiative,” said Ives. “The Cybersecurity Framework provides an effective, comprehensive approach for industry sectors to determine their vulnerability to these kinds of attacks and the means to mitigate them.”
Moving forward to implementation
“Now that the Cybersecurity Framework has been officially launched by the Obama administration, we have been asked by The White House and the National Institute of Standards and Technology (NIST) to assist in the framework’s implementation,” reports Marlowe. “We are actively underway in planning a series of implementation seminars throughout the US and as far away as London.”
In fact, the first implementation seminar is to be conducted on Friday, 21 February 2014 in Birmingham (AL, USA). The seminar will be sponsored by the Automation Federation and the Alabama Technology Network, a Working Group of the Automation Federation.
At the seminar, representatives from the White House, NIST and leading cybersecurity subject matter experts will outline the provisions and details of the Cybersecurity Framework, and will illustrate why IACS security standards are such fundamental components of the plan and its implementation.
Michael Daniel, Special Assistant to the US President and the Cybersecurity Coordinator, makes a blog contribution here: Launch of the Cybersecurity Framework – What’s Next? (18/2/2014)