I just came back from a great week at RSA. It was exciting to see how many customers stopped by our booth to inquire about the Cybersecurity Framework recently released by the National Institute of Standards and Technology (NIST). The Framework’s objective is to improve the security posture of public and private organizations that manage critical infrastructures. Companies stopping by our booth were interested in finding out how Spirent test solutions could help them meet the Framework’s requirements.
As a security professional, I have taken a lot of interest in the Framework. It is a remarkable achievement that was put together in collaboration with the companies that manage critical infrastructures. It was developed by NIST as a response to Executive Order (EO) 13636 issued by the President of the United States. The Framework impacts all public and private organizations that manage critical infrastructures in the United States. The Framework approach to risk assessment is based on five core functions that organize cybersecurity activities at their highest level. The five functions are: Identify, Protect, Detect, Respond and Recover.
You may think that the Framework does not impact your business, but if you look at how the Department of Homeland Security (DHS) defines critical infrastructures you may change your mind. DHS defines critical infrastructures as companies in banking & finance, communications, critical manufacturing, defense industrial base, energy, emergency services, food & agriculture, healthcare, IT, utilities, and transportation. As you can see, most companies including service providers, enterprises and federal integrators are included in DHS’s definition. As members of the supply chain for critical infrastructures, the Framework also impacts Network Equipment Manufacturers who develop the security, network and server components that make possible critical infrastructures. IT companies that are performing essential business functions such as B2B and e-commerce also classify as critical infrastructure companies.
Most of the Framework Core functions and activities are not new. They’ve been around for a long time and are being used in some capacity by public and private organizations that manage critical infrastructures. What’s new is that government and industry came together and agreed on a framework of those functions and activities that will help organizations manage and mitigate risk; and by default help them maintain operation while under cyber-attacks.
With our recent white paper and data sheet, Spirent has taken a leading role as a Framework advocate; ensuring that our customers and the critical infrastructure community are aware of the Framework’s impact. Spirent next-generation test tools empower public and private organizations that manage critical infrastructures, to take an active role in assessing and managing their infrastructure security risks. Every day, the critical infrastructure supply chain; network equipment manufacturers, enterprises, service providers, government agencies and federal integrators use our security and application test tools to assess the vulnerabilities of their infrastructures. I encourage you to learn more and download our white paper and data sheet.