Brian Fung reports:
It’s been a long time coming, and some experts say it isn’t enough. But the White House has now put the finishing touches on a set of security guidelines meant to help businesses defend themselves from hackers and cyberattacks.
Senior administration officials call the framework for cybersecurity “a major milestone achievement,” one year after President Obama issued an executive order on defending the nation’s railroads, energy grid and other critical infrastructure from an online assault. To that end, the new guidelines offer suggestions for how businesses can protect their systems.
The suggestions are also aimed at companies that handle sensitive consumer data, such as retailers. High-profile data breaches at Target and Neiman Marcus in recent months have refocused attention on corporate IT security practices.
Adoption of the standards will be voluntary, and officials stressed their intent was not to impose new regulations on businesses. Instead, the cybersecurity framework suggests ways companies can identify threats, protect themselves against them, detect intrusions when they occur, respond to those breaches and recover in the aftermath.
[…]
Privacy groups took aim at the document, which in previous drafts had included a separate appendix laying out how businesses could share information about threats without endangering civil liberties. Wednesday’s final draft, however, eliminated the privacy appendix in favor of folding its ideas into parts of the broader document. Senior officials said the privacy language did not receive sufficient support among the participating groups to survive as a standalone section.
Read more on Washington Post.