The economic security of our country depends on safeguarding our critical computer systems.
As we have all seen, many corporations have recently been under near constant attack from hackers who exploit the complexity and connectivity of our digital world. This drives up costs and puts our private data in the wrong hands.
In response to these risks, the President and the FCC have both taken steps to better protect our digital infrastructure.
Executive Order 13636
To address cybersecurity risks, President Obama last week issued an executive order, “Improving Critical Infrastructure Cybersecurity.”
This executive order establishes that it “is the Policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber-environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.”
In plain English, this executive order contains a set of industry standards and best practices to help businesses manage cybersecurity risks. The government and the private sector worked together to create these standards.
This order consists of three parts — The Framework Core, the Framework Profile, and the Framework Implementation Tiers:
- The Framework Core is a set of cybersecurity activities common across all critical organizational sectors, and provides detailed guidance for developing security plans.
- The Framework Profiles help organizations align their cybersecurity activities with business requirements, risk tolerances, and available resources.
- The Framework Implementation Tiers provide a way for organizations to understand how effective their approach is to managing cybersecurity risks.
The FCC Strikes Back
The Federal Communication Commission, an agency normally only known for approving mergers and regulating our phone communications, is also eager to get into the cybersecurity game.
Up until now, fighting hackers was mainly done by law enforcement agencies. But the recent attacks by hackers against major corporations has pulled the FCC into the fight. The FCC’s role will be to ensure the integrity of the telecommunication links between companies.
Exactly how they will do this and what they will do is not clear at this point. FCC Chairman Tom Wheeler has named several top officials to new cybersecurity posts within the FCC. Admiral David Simpson, named the chief of the public safety bureau, is pushing the cybersecurity agenda across all FCC bureaus.
The FCC plans to help companies implement the guidelines in the President’s executive order.
Beyond that, little is known about the FCC’s plan, but we know they are ambitious. Chairman Wheeler was recently quoted as saying, “I do not intend to be sitting in the chairman’s seat when a major cyber-attack occurs, having done nothing.”