America must also face the rapidly growing threat from cyber-attacks. We know hackers steal people’s identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.
That’s why, earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy. Now, Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks.
– President Obama, February 12, 2013
U.S. national and economic security depends on the reliable functioning of critical infrastructure. In recognition of that dependence, President Obama issued an executive order in February 2013 to increase our critical infrastructure’s capabilities to manage cyber risk; the order focuses on information sharing, privacy, and the adoption of cybersecurity practices. In support of this goal, the order directed the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) to convene industry and other stakeholders to develop a voluntary framework for reducing cyber risks.
Today we are pleased to announce the start of the 45-day public comment period for the Preliminary Cybersecurity Framework. This announcement represents an important milestone in this collaborative effort to develop the framework, and the feedback received during this period will inform the final version.