Just hours after the White House officially released the National Cybersecurity Framework, Virginia Gov. Terry McAuliffe announced the commonwealth will adopt it into its existing risk framework.
The framework, developed by the National institute of Standards and Technology, brought together leaders from the public and private sector to come up with a structure to address cybersecurity risks to critical infrastructure.
“Adding this framework to the existing efforts led by the secretary of technology, chief information officer, chief information security officer and the Virginia Information Technologies Agency will strengthen the commonwealth’s ability to fight cyber-crime and further enhance Virginia’s position as a leader in cybersecurity,” McAuliffe said.
“Virginia has an award-winning cybersecurity program in place, but must continue to advance our ability to keep our families and businesses safe and make the commonwealth the national hub for the cybersecurity industry and the jobs that come with it.”
McAuliffe added that the new framework will help to enhance the systematic process for identifying, assessing, prioritizing and communicating cybersecurity risks and steps needed to reduce risks as part of the state’s broader priorities.
President Barack Obama called for the creation of the framework in February 2013, first announcing it during that year’s State of the Union address.
The framework allows organizations—regardless of size, degree of cyber-risk or cybersecurity sophistication—to apply the principles and best practices of risk management to improve the security and resilience of critical infrastructure.
Organizations can use the framework on a voluntary basis to determine their current level of cybersecurity, set goals for cybersecurity that are in sync with their business environment, and establish a plan for improving or maintaining their cybersecurity.
“The framework provides a consensus description of what’s needed for a comprehensive cybersecurity program,” Undersecretary of Commerce for Standards and Technology and NIST Director Patrick Gallagher said in a statement. “It reflects the efforts of a broad range of industries that see the value of and need for improving cybersecurity and lowering risk. It will help companies prove to themselves and their stakeholders that good cybersecurity is good business.”
The framework’s development has taken place over the past year in collaboration with a broad array of stakeholders from the public and private sectors as a result of a federal executive order to develop a way to address cybersecurity risks to critical infrastructure.
Input was provided by public and private infrastructure owners and operators, industry leaders and other stakeholders in workshops, meetings, webinars and other information sessions over the past year, led by Charles Romine, director NIST’s Information Technology Laboratory.