Copyright © 2017 ALM Media Properties, LLC. All Rights Reserved.
The release of the new cybersecurity framework by the National Institute of Standards and Technology (NIST) on Oct. 29, 2013, will likely increase the risk of liability facing corporate fiduciaries. Given the impact it will have on businesses, President Barack Obama, in the executive order “Improving Critical Infrastructure Cybersecurity,” directed NIST to work with the public to develop the framework. And it is still a work in progress. The 45-day public comment period on the preliminary framework is open until 5 p.m. EST on Friday, Dec. 13.
Although targeted toward critical infrastructure companies, once enacted, the framework will consist of “voluntary” standards, guidelines and best practices. However, the standards will likely become the measuring stick against which the actions—or inaction—of all corporate leaders will be judged. As a result, diligent corporate officers, regardless of industry, should understand the contours of the framework, take advantage of the opportunity to influence the framework and ensure that their companies are compliant with the NIST recommendations to reduce cyberrisks.