WASHINGTON—The United States’ leading industrial agency is unveiling a new version of its pioneering cybersecurity guidance for the first time in 10 years.
The National Institute for Standards and Technology (NIST) released the new version of its Cybersecurity Framework (CSF) on Feb. 26, providing the first major update to the document since it was released in 2014.
The new version of the CSF is designed to provide security frameworks for organizations of all types and sizes, whereas the original was meant to serve critical infrastructure only.
NIST Director Laurie Locascio said that the evolution had been in the works for many years following the reception of the first version and a lengthy comment period from thousands of stakeholders.
“Things have evolved,” Ms. Locascio said Monday at the Aspen Institute think tank in Washington.
“Very quickly, it was realized that this could be used for many sectors, many organizations large and small.”
Similar in scope to extending the framework to all organizations, the new CSF also introduces a sixth “function,” the highest type of abstract principle extracted from the framework.
That new function is “govern” and outlines the need for organizations to prepare for supply chain risks, regulatory oversight, and other related issues.
Likewise, Ms. Locascio said she hoped the document would help various sectors adapt their needs to a “common language around cybersecurity.”
“It’s all about building trust in technology,” she said.
“[Chinese] state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States,” the advisory said.
The malware, it said, was devised “to launch destructive cyber-attacks that would jeopardize the physical safety of Americans and impede military readiness.”
“There is no economic benefit for these actions. There is no intelligence-gathering rationale,” he said.
“The sole purpose is to be ready to destroy American infrastructure, which will inevitably result in mass American casualties.”