Privacy & Information Security Law Blog

On August 28, 2013, the Obama Administration issued several documents relating to the Cybersecurity Framework that the President called for in Executive Order 13636: Improving Critical Infrastructure Cybersecurity. The documents include:

• Preliminary Cybersecurity Framework (Discussion Draft);
• Preliminary Cybersecurity Framework: Illustrative Examples (Discussion Draft);
• Message to Senior Executives on the Cybersecurity Framework (Discussion Draft);  and
• Cybersecurity Framework Performance Goals (Draft).

The Administration issued these documents in anticipation of receiving comments from reviewers before and during the Fourth Cybersecurity Framework workshop, which will take place on September 11 – 13, 2013 at the University of Texas at Dallas. Specifically, the Administration is seeking input regarding the following questions:

How can the Preliminary Framework:

• Adequately define outcomes that strengthen cybersecurity and support business objectives?
• Enable cost-effective implementation?
• Appropriately integrate cybersecurity risk into business risk?
• Provide the tools for senior executives and boards of directors to understand risk and mitigations at the appropriate level of detail?
• Provide sufficient guidance and resources to aid businesses of all sizes while maintaining flexibility?

Will the Discussion Draft:

• Be inclusive of, and not disruptive to, effective cybersecurity practices in use today?
• Enable organizations to incorporate threat information?

Is the Discussion Draft:

• Presented at the right level of specificity?
• Sufficiently addressing unique privacy and civil liberties needs for critical infrastructure?