Corruption Currents: From Extraditing ‘El Chapo’ to Iraq-Iran Arms Deal

Simon Hodgett

Feb 24, 2014

Simon Hodgett, Partner, Commercial, addresses the Framework for Improving Critical Infrastructure Cybersecurity, developed at the direction of President Obama and designed to assist critical infrastructure (e.g. financial, energy, and health care sectors) guard against cyber threats in a recent blog posting, stating that “Canadian firms will benefit from familiarizing themselves with the Framework.” The blog post was picked up by The Morning Risk Report, The Wall Street Journal.

February 20, 2014

(Extract)

On February 12th, the U.S. National Institute of Standards and Technology (NIST) unveiled version 1.0 of its voluntary Framework for Improving Critical Infrastructure Cybersecurity (Framework).  The Framework was developed at the direction of President Obama’s Executive Order 13636 and designed to assist critical infrastructure (e.g. financial, energy, and health care sectors) guard against cyber threats.

...

Implications

While the Framework is voluntary, NIST is highly influential.  The Framework has the potential to become a de facto cybersecurity standard. With the U.S. Federal Government’s increasing emphasis on cyber risk preparedness, the Framework may well become a requirement for conducting business with U.S. federal agencies.  If so, many private U.S and multi-national providers will face a strong impetus to adopt the Framework. NIST plans to engage foreign governments and entities to advocate for the broad international adoption of the Framework.  As such, Canadian firms will benefit from familiarizing themselves with the Framework.

At the very least it will likely provide a common set of terms and language for discussing cybersecurity within industry and government. For example, the Framework could serve as a useful complement for financial institutions and suppliers addressing the OSFI Cyber Security Self-Assessment Guidance (OSFI Guidance) released on October 28, 2013.  While the OSFI Guidance is high-level and descriptive, the Framework is significantly more detailed and prescriptive and includes many globally accepted standards and best practices.

To read the full blog posting, click here.