President Barack Obama on Wednesday announced a new cybersecurity framework of best practices and popular standards to advise companies on how to protect their networks, but time will tell if businesses invest in the voluntary tips.
Obama ordered the National Institute of Standards and Technology last year to work with the private sector to compile the guidance, after Congress failed to pass legislation that would better protect networks of critical infrastructure companies, including health care and electrical power businesses.
Congress could not agree on cybersecurity issues such as whether government requirements would be the best way to ensure companies took enough precautions to secure their networks. Obama urged lawmakers to try again, and promised to take more executive actions to secure America’s networks in a statement on Wednesday.
“While I believe today’s Framework marks a turning point, it’s clear that much more work needs to be done to enhance our cybersecurity,” Obama said. “Our critical infrastructure continues to be at risk from threats in cyberspace, and our economy is harmed by the theft of our intellectual property.”
There is no way to track how or if businesses implement the cybersecurity recommendations, and the White House is relying on the “enlightened self-interest” of companies to use the framework to protect their networks, Obama administration officials said in a conference call.
The trick with mandatory cybersecurity rules is that they can create a false sense of security among businesses that compliance is all they need to guarantee protection from fast-adapting hacker groups, former Department of Homeland Security Secretary Tom Ridge says.
“The hackers and the technology are moving much faster than the bureaucrats,” Ridge says.
The framework's unveiling comes as Congress is pressuring retailers like Target to secure their networks following recent hacks of credit and debit card payment data that have exposed millions of consumers.
Retailers spend 4 percent of their technology budgets on security, less than the 5.5 percent spent by banks and 5.6 percent spent by health care companies, according to technology research firm Gartner Inc.
Senate Commerce, Science and Transportation Committee Chairman Jay Rockefeller, D-W.Va., said in a statement that data breaches of retailers “are a stark reminder” that U.S. networks are vulnerable to hackers.
“This framework represents the careful thinking of our country’s top security experts,” Rockefeller said. “It should become an essential touchstone, not just for critical infrastructure operators, but for all companies and government agencies that need to protect their systems and their data.”