Treasury Applauds Launch of Cybersecurity Framework
Tuesday, February 18, 2014
With the release
of NIST’s Cybersecurity Framework,
the Administration has taken an important step in securing our nation’s
critical infrastructure. The Framework enables firms of all sizes to use
benchmarks to guide cybersecurity activities and consider cyber risks as part of
the organization’s overall risk management processes. Over the past year, Treasury,
as the sector specific agency for the financial services sector, has worked
closely with the industry, independent financial regulators, and other
government partners to provide input and shape the Framework.
Framework is a risk-based approach to managing cybersecurity. It consists of
methods by which firms might evaluate their risk profile, standards and best
practices that they might employ to strengthen cybersecurity, and criteria for
firms to judge their application of those standards. For larger firms with
already robust cyber risk management, this Framework can serve to highlight
specific best practices and standards that might be used. These organizations
may also use the Framework to evaluate the cybersecurity of clients and
customers. Smaller institutions may use the Framework to better understand
their risk profile and establish protocols for ensuring proper controls are in
place to meet that profile.
With the release of the
Framework, this week also marks the one-year anniversary of the President’s
Executive Order 13636"Improving Critical Infrastructure Cybersecurity.”Through
the implementation of this Order, Treasury has sought ways to increase its
engagement with the sector on issues related to cybersecurity. This has
involved an elevation of the importance of these matters at the most senior
levels of the public and private sector, an increase in information sharing
between institutions of all sizes, and a greater integration of operations
between our government partners.
Despite the notable
progress we have made over the past year, much work remains. Comprehensive
cybersecurity legislation, with the appropriate privacy and liability
protections, is necessary to allow for more beneficial information sharing.
Through greater collaboration between the public and private sectors, we can
maintain vigilance in the face of an ever evolving cyber-threat.
Cyrus Amir-Mokri is the
Assistant Secretary for Financial Institutions at the United States Department
of the Treasury.