By Ed Amoroso, AT&T Senior Vice President and Chief Security Officer
AT&T applauds the National Institute of Standards and Technologies (NIST) on the release of its Baseline Framework to Reduce Cyber Risk to Critical Infrastructure. President Obama’s February 2013 Executive Order directed NIST to improve our nation’s critical infrastructure cybersecurity by establishing a framework to “provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk.”
While we will be reviewing the details of the Cybersecurity Framework over the coming months to see how it best complements our existing cyber-risk management program, a few things are clear now.
• First, the Cybersecurity Framework builds upon existing industry security standards and spans all 16 sectors of critical infrastructure. Effective cybersecurity presents a complex challenge requiring collaboration from across the entire Internet ecosystem.
• Second, the Cybersecurity Framework builds in the necessary flexibility for effective implementation and continued innovation. This flexibility is vital, as it allows organizations to adapt and evolve as the threat landscape continuously shifts.
• Third, the Cybersecurity Framework shows international leadership by demonstrating that an effective partnership between government and industry is the most effective way to combat cyber-attacks.
In that spirit, today, our CEO, Randall Stephenson, is participating in a roundtable discussion at the White House with Secretary Pritzker and other industry leaders on the Cybersecurity Framework. We look forward to continuing our work with government and industry partners to effectively protect the nation’s critical infrastructure from existing and future cybersecurity threats.