US Bureau drafts cybersecurity framework

A US governmental bureau has released a set of draft voluntary standards that companies can follow in order to increase the level of defence against cyber attacks.

Reuters reports that the National Institute of Standards and Technology [NIST] used input from 3,000 experts in academia and the technology industry in order to draft the framework that it hopes will sidestep costly regulations and improve conditions for firms.

"Ultimately what we want to do is we want to turn today's best practices into common and expected practices," NIST Director Patrick Gallagher said, calling the guidelines "a living document" that will be flexible.

The draft standards offer advice on how firms can identify and protect network assets, as well as how to discover, respond to and recover from breaches that affect companies on a regular basis. They also try to explain how companies can do this while at the same time protecting privacy and civil liberties.

Barack Obama asked NIST to compile a list of voluntary standards back in February, in response to the lack of progress on a bill being drafted in Congress.

There are worries among some connected to the industry that there is no real incentive to conform to the framework, and that it appears both vague and complex, which is likely to be a problem when it comes to adoption.

"Much of the document is very procedural. I fear that it won't measurably improve cybersecurity without making it more expensive for everybody," said Stewart Baker, a former Department of Homeland Security assistant secretary.

The cost of cybercrime has been growing on a global basis this year, with Symantec reporting only this month that the cost per victim has risen by 50 per cent. That was only in the consumer sector, where the global price tag on consumer cybercrime was put at a huge $113 billion [£69.7 billion].
