In the digital age, organizations rely on information technology and information systems to support their missions and business processes and to achieve their objectives. Technology not only enables businesses to carry out operational activities efficiently, it is also the backbone of the United States' critical infrastructure. Although technology may reduce risks associated with the human factor and legacy data processing, it introduces new risks that, if left unaddressed, could result in adverse impacts on critical infrastructure.
The country depends on the 16 United States critical infrastructure sectors, which provide vital services, stability, and resources that enable it to function. The U.S. acknowledges that adequate critical infrastructure protection cannot be achieved by the U.S. federal government alone. The security of critical infrastructure components requires the governance and support of private sector organizations across various infrastructure sectors. Adopting, implementing, and integrating security practices across federal and private entities is necessary to achieve critical infrastructure cyber resiliency.
The NIST Cybersecurity Framework
To strengthen the case for critical infrastructure cybersecurity, President Barack Obama issued Executive Order (EO) 13636 in February 2013. The Executive Order focused on strengthening cybersecurity between the federal government and private industry, and it called for a cybersecurity framework that can be applied to both government and private industry to improve critical infrastructure cybersecurity. The Executive Order resulted in the creation of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), which was initially released in February 2014.
The current version of the Cybersecurity Framework provides a flexible approach that can be tailored to adapt to any organization, small or large. At its core, the Cybersecurity Framework consists of five different functions: Identify, Protect, Detect, Respond, and Recover. The functions can also be broken down further into ...
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/key-critical-infrastructure-cyber-resiliency/