Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

NIST Cyber Security Framework proposal provides no 'measurable cybersecurity assurance'

Antone Gonsalves | Sept. 6, 2013
Plan's self-regulatory approach toward industrial control systems 'doesn't do us a hell of a lot of good,' another expert said

Langner and Weiss also agreed on the ineffectiveness of the CSF proposal letting organizations choose the level of cybersecurity they want to achieve. Allowing a critical infrastructure provider to set its own goals means an organization could choose a level of zero, and "still be conformant with the CSF," Langner said.

"The CSF allows any organization, no matter how good or bad at cybersecurity, to be CSF-conformant," he said. "It makes everybody happy. Everybody, including potential attackers."

NIST is expected to publish the final CSF in February.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.