With the National Institute of Standards and Technology (NIST) Cybersecurity Framework for reducing critical infrastructure cyber risks now published, the Department of Homeland Security (DHS) has launched an initiative to encourage infrastructure owners and operators to voluntarily adopt it.
Developed in response to Executive Order 13636, the Framework is intended to help organizations apply the principles and best practices of risk management to improving cybersecurity and securing critical infrastructure.
The DHS adoption initiative is called the Critical Infrastructure Cyber Community or C3 (pronounced “C Cubed”) Voluntary Program. It is meant to help sectors and organizations that want to use the Framework by connecting them to existing cyber risk management capabilities provided by DHS, other U.S. government organizations and the private sector. Initially, according to DHS, most resources will consist of DHS programs, but the resources list will grow to include cross sector, industry, and state and local resources.
During its first year, the C3 Voluntary Program's focus will be working with federal agencies with jurisdiction over certain sectors – such as U.S. EPA, for the water sector – and organizations using the Framework to develop guidance on how to implement the Framework. Earlier this month, AWWA published its Process Control System Security Guidance for the Water Sector, which is intended to complement the NIST Cybersecurity Framework.