Thank you for sharing!

Your article was successfully shared with the contacts you provided.

The Cybersecurity Framework being developed by the National Institute of Standards and Technology (NIST) presents an opportunity for in-house counsel to play an important role in framing and strengthening an organization’s preparedness for and response to cyberattacks.

The NIST, the federal agency that works with industry to develop and apply technology, measurements and standards, is collaborating with private-sector organizations to create the framework in response to President Barack Obama’s Executive Order, “Improving Critical Infrastructure Cybersecurity.” The goal of that order, issued in February, is to fortify the cybersecurity of the nation’s critical infrastructure by increasing information sharing and jointly designing and implementing a framework of cybersecurity practices with industry.

The framework uses existing international standards, practices and procedures that have proven to be effective to provide guidance to companies on how to manage cybersecurity risks with the same priority and urgency they give to financial, safety and operational risks.

NIST posted an outline in July and published the official draft of the Cybersecurity Framework [PDF] for public comment this past October. The executive order requires the NIST to finalize the framework by Feb. 19, 2014.

While implementing the framework will be voluntary, it will be beneficial for companies to adopt it. In-house counsel will be directly involved in formulating a process that establishes disclosure and compliance guidelines to follow in the event of a breach. Corporate counsel will be integral in designing strategies that address the five fundamental cybersecurity functions defined in the framework:

  1. Identifying threats: Developing an understanding of which business systems, assets, data and capabilities need to be protected.
  2. Protecting against threats: Devising safeguards to ensure delivery of essential infrastructure services.
  3. Detecting events: Applying actions to identify the occurrence of cybersecurity events.
  4. Responding to events: Implementing responses to detected cybersecurity events.
  5. Planning for recovery: Employing management processes to restore the capabilities that were impaired through cybersecurity breaches.

The framework also offers direction on how the private sector should create and use industry best practices to carry out the core functions and measure their current state of cybersecurity against their desired targeted state.

Corporate counsel’s vital role in the development of cybersecurity policies and practices is an extension of the GC office’s responsibilities for protecting and securing intellectual property and assessing and minimizing risks. In-house counsel can spearhead several components of the cybersecurity plan, including:

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2017 ALM Media Properties, LLC. All Rights Reserved.