Feds Release Cyber Security Guidelines That Companies Can Ignore
Obama administration officials released cyber security guidelines Wednesday to provide information on how critical industries like utilities and banks can protect their data against hackers, but it’s not clear how useful they’ll be since companies aren’t required to use them.
Last February President Obama directed Commerce Department officials to assemble new voluntary standards to help companies in 16 industries better protect themselves against cyber attacks. The new “Cybersecurity Framework” is the result of thousands of comments from companies and five workshops where industry representatives, security experts and government officials hashed out the proposals.
The new voluntary guidance was born from inaction in Congress, which rejected White House-supported legislation in the summer of 2012 that would have set security standards to help prevent cyber attacks on critical infrastructure like electrical companies and banks. Opposition from business groups helped killed the bill in the Senate.
After that defeat, President Obama directed the administration to come up with voluntary standards in consultation with business groups and security officials. As part of the rollout, the Department of Homeland Security launched a voluntary program Wednesday to work with companies of all sizes to bolster their security.
“Nobody’s got this thing licked,” said AT&T CEO Randall Stephenson during a rollout event at the White House Wednesday, where he voiced support for the guidelines. “You’re only as strong as your weakest link. If you think your network is private and protected you’re fooling yourself.”
Several industry groups praised the framework, but it’s not clear how many companies will actually rely on its suggestions in the future. “The key now is to encourage use of the framework,” said Lisa Monaco, assistant to the president for homeland security and counterterrorism.
“We would have preferred a framework that requires more measurable privacy protections as opposed to the privacy processes that were recommended,” said Greg Nojeim of the Center for Democracy and Technology in a statement.
At the rollout of the plan, White House chief of staff Denis McDonough said there is “obviously a lot more to be done” and called on Congress to also pass new cyber security legislation.
Last week, lawmakers turned their attention to cyber security issues as they focused on Target Corp.’s recent data breach, which allowed hackers to steal 40 million credit and debit card records and upward of 70 million other personal records. Despite multiple hearings, there isn’t consensus yet on Capitol Hill about what, if anything, to do about setting new national cyber security or consumer notification standards.