COO Keith Mortier asks: “How much longer will this remain voluntary?”
Arlington, VA, March 6 – Following NIST’s final release of the much-discussed Framework for Improving Critical Infrastructure Cybersecurity, Lunarline is strongly advising critical infrastructure owners and operators to adopt these recommendations.
Taking direction from a 2013 executive order for improving critical infrastructure cyber security, NIST partnered with key stakeholders in the public and private sectors to design a voluntary framework for reducing cyber risks. The agency published its plan for this framework in October 2013, followed by a final release on February 12. Both events were met with significant discussion among cyber security professionals.
Lunarline’s COO Keith Mortier endorsed the framework’s design.
“I think it provides an excellent, balanced approach to critical infrastructure security,” he said. “It is a great example of government and industry working together to provide enough guidance – not too much, but just enough – to ensure that everyone is working together to protect our nation’s critical infrastructure.”
“However, industry needs to be careful,” he added. “This program is currently voluntary. But the Government isn’t shy about compelling compliance, especially not when national security is at stake.”
According to Mr. Mortier, there are several critical features to this framework. These include:
- A flexible design that allows organizations to adapt the platform to meet their unique security requirements.
- An emphasis on risk management, allowing organizations to establish risk tolerances and make informed decisions on acceptable risk.
- A technology-agnostic design that enables organizations to continue using existing technologies while driving continuous improvement in security posture.
- Specific implementation examples to help providers review and improve existing cyber security practice.
- A foundation in industry-accepted approaches, allowing organizations to continue using existing standards (e.g. COBIT, SOC, ISO, FISMA), while building in additional controls.
“If I were a critical infrastructure owner or operator, I’d pay pretty close attention to these developments,” said Spence Witten, Lunarline’s Director of Federal Sales. “As we’ve seen with FISMA, FedRAMP and DIACAP, security compliance can go from voluntary to mandatory with the stroke of a pen. Vendors that prepare in advance reap the benefits. The rest get left behind.”
Lunarline is a leading provider of cyber security services, training and products to the DoD, intelligence, civilian and private-sector communities. Lunarliners keep pretty busy, battling advanced persistent threats, dissecting the latest cyber attacks and flying around the world in support of rapid incident response. But every now and then we find time to put out a press release or two – just to let the world know how awesome we are.
For more information about Lunarline, please visit www.Lunarline.com.