The guidelines, focused on aiding critical industries and infrastructure that could be vulnerable to attack, come a year after President Obama signed an executive order directing the federal government to work with private businesses to draft minimum standards.
The president hailed the new guidelines as a “turning point” but cautioned that “more work needs to be done to enhance our cybersecurity,” urging Congress to also pass legislation.
“Cyber threats pose one the gravest national security dangers that the United States faces,” said Obama in a statement announcing the new guidelines.
“The National Institute of Standards and Technology has worked with the private sector to develop a Cybersecurity Framework that highlights best practices and globally recognized standards so that companies across our economy can better manage cyber risk to our critical infrastructure,” he added.
Obama called the Cybersecurity Framework “a great example of how the private sector and government can, and should, work together to meet this shared challenge.”
Critics say the measures could still be toothless, as there is no mechanism to force companies to adopt the standards. The guidelines were made voluntary to ease fears from businesses that the administration would hit them with more regulations.
Obama acknowledged that more must be done to protect the nation’s critical infrastructure and industries from cyber attacks.
“America’s economic prosperity, national security, and our individual liberties depend on our commitment to securing cyberspace and maintaining an open, interoperable, secure, and reliable Internet,” said Obama. “Our critical infrastructure continues to be at risk from threats in cyberspace, and our economy is harmed by the theft of our intellectual property.
He added though that while “the threats are serious and they constantly evolve, I believe that if we address them effectively, we can ensure that the Internet remains an engine for economic growth and a platform for the free exchange of ideas.”
The president also called on lawmakers to “move forward on cybersecurity legislation that both protects our nation and our privacy and civil liberties” and vowed that his administration would continue to take action “to protect our nation from this threat.”
The White House in a statement said the Cybersecurity Framework consolidated the “standards, best practices and guidelines that would meaningfully improve critical infrastructure cybersecurity.”
While stressing that the guidelines were voluntary, the White House said the Department of Homeland Security had set up a program to “increase awareness and use” of the framework.
In addition, federal agencies were reviewing the guidelines to “enhance the protection of their systems.”