What others are saying
The White House provided a long list of comments about the framework from top industry executives and from members of Congress. Of course it reads like the copy on a book jacket: Lots of praise for the private-public effort that went into creating the framework and nary a word of criticism.
But there's also a clear sense CEOs and public leaders see the seriousness of the threats -- and the importance of having the framework. For what it's worth, here are a few excerpts of what others are saying:
Renee James, President, Intel:
"Improving cybersecurity in ways that promote innovation and protect citizens' privacy is the only way to preserve the promise of the Internet as a driver of global economic development and social interaction. Intel applauds the Administration and the National Institute of Standards and Technology for constructing the cybersecurity framework hand-in-hand with industry and other stakeholders, building a model of a voluntary, risk-based tool that can be utilized by a broad array of organizations. "
Steve Bennett, President & CEO, Symantec Corporation:
"The effort to develop the NIST Cybersecurity Framework has been a model of public-private partnership. Symantec believes the Framework will be useful to all organizations, whether they have well-developed cybersecurity programs or are looking to start one. Symantec has already begun to incorporate the Framework into our internal security program, and I expect that many of our customers will use it as well."
Joseph Rigby, Chairman and CEO, Pepco Holdings Incorporated:
"We believe the partnership between the government and affected industries is critical to ensure preparation and readiness; this Framework is evidence of the commitment of stakeholders to work together to protect against cyber threats."
Charles W Scharf, CEO, Visa:
"Visa supports a standards-based approach, and we're encouraged by the final framework issued by the Administration which promotes the adoption of existing security best practices. We also support robust information sharing programs with appropriate liability protections to further bolster global cyber security."
Edward Amoroso, Senior Vice President and Chief Security Officer for AT&T Services: "Effective cybersecurity presents a complex challenge requiring collaboration from across the entire Internet ecosystem. The Cybersecurity Framework builds in the necessary flexibility for effective implementation and continued innovation.... and shows international leadership by demonstrating that an effective partnership between government and industry is the most effective way to combat cyber-attacks."
Doug Wylie, Director, Product Security Risk Management, Rockwell Automation: "As the world's largest company dedicated to providing industrial automation solutions, Rockwell Automation strongly supports this voluntary Cybersecurity Framework because it helps to amplify the importance of protecting national critical infrastructures and related industrial control systems."
Terry Rice, CISO, Merck & Co, Inc: "Merck has begun adoption and implementation of the Cybersecurity Framework.... Merck commends NIST's superior leadership in advancing the foundation of cybersecurity through this new Framework."
Marilyn Hewson, Chairman, President and CEO, Lockheed Martin: "Cybersecurity is a shared responsibility between government and industry, and we applaud the Administration for making it a priority. We support the Administration's voluntary, transparent and flexible approach to developing the Cybersecurity Framework, and believe it will enable American businesses—large and small—to do their part."
Senator Jay Rockefeller (D-WV), Chair of the Committee on Commerce, Science, and Transportation:
"The recent data breaches at Target and other retailers are a stark reminder that our networks continue to be vulnerable to cyber attacks. The Cybersecurity Framework NIST released today represents a major step forward in improving our cyber defenses. It should become an essential touchstone, not just for critical infrastructure operators, but for all companies and government agencies that need to protect their systems and their data."
Senator Tom Carper (D-DE), Chairman of the Committee on Homeland Security and Governmental Affairs: "This voluntary framework provides a much needed roadmap for improving the cybersecurity of our most critical infrastructure. Companies now have a common, but flexible path forward to better secure their systems, and also a meaningful way to measure their progress. We must now focus like a laser on ensuring widespread implementation of the framework in order to effectively protect our national and economic security."