refinement. Critical infrastructures are made up of bridges, power supply, medical facilities, telecommunications networks, and more. More so now, we rely on cyber infrastructures like working on our laptop from home to have a business meeting. Or Skyping with the grandparents that are across the country so they can see how big their grandchildren are getting.
In this day, the critical infrastructure relies on digital systems of calculation and communication, most widely known as "cyber." We've all heard of those cyber criminals hacking into our computers. Gather our personal information, getting into our emails, stealing our identity. Our cyber infrastructure is under attack and it seems like no one knows what to do about it or how to stop it. We are helpless and lost, our computers are being invaded with malware and viruses while we watch. No worries though, America is taking charge and building a critical infrastructure cybersecurity framework.
Land of the Great
In February, President Obama issued an executive order to improve cybersecurity. He intends to promote better protection of the country's infrastructure from cyber attacks that are growing in our economy and national security. This week, that executive order is taking place here in San Diego-home of ESET North America at the University of California, San Diego (UCSD) and the National Health Information Sharing and Analysis Center (NH-ISAC) are hosting the 3rd Cybersecurity Framework Workshop today July 10 until Friday, July 12, 2013. The intent is to work with stakeholder to organize a voluntary framework for reducing cyber risks.
Executive Order 13636, Improving Critical Infrastructure Cybersecurity, has directed NIST to work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructures. This cybersecurity framework is being developed in an open manner with input from stakeholders in industry, academia, and government, including a public review and comment process, workshops, and other means of engagement. - National Institute of Standards and Technology (NIST)
The San Diego event will have sessions that go into the depths of cybersecurity functions and it's workings.
- Know – Gaining the institutional understanding to identify what systems need to be protected, assess priority in light of organizational mission, and manage processes to achieve cost effective risk management goals
- Prevent – Categories of management, technical, and operational activities that enable the organization to decide on the appropriate outcome-based actions to ensure adequate protection against threats to business systems that support critical infrastructure components.
- Detect –Activities that identify (through ongoing monitoring or other means of observation) the presence of undesirable cyber risk events, and the processes to assess the potential impact of those events.
- Respond – Specific risk management decisions and activities enacted based upon previously implemented planning (from the Prevent function) relative to estimated impact.
- Recover – Categories of management, technical, and operational activities that restore services that have previously been impaired through an undesirable cybersecurity risk event.
The next chapter is to observe the key categories and subcategories for the above functions. They will examine the standards, guidelines, and practices for each suite and lower groups alike. The US business and government agencies are hyper focusing on criminal hacking attacks and acts of cyber warfare, which is believed to be the work of state sponsored foreign agencies and home-grown hacktivist groups. Online registration for the San Diego workshop is closed and already under way. You may still register today at Madneville Auditorium, University of California, San Diego, 9500 Gilman Drive, La Jolla, California.
So know that America is seeing this epidemic of cyber criminals on the rise and we are doing something about it. We are taking charge and fighting.
Image courtesy of [Victor Habbick] / FreeDigitalPhotos.net
A cybersecurity framework to protect digital critical infrastructure
Published July 8, 2013
3rd Cybersecurity Framework Workshop, July 10-12, 2013, San Diego, CA