On December 5, the National Institute of Standards and Technology (NIST) issued an update regarding its Framework for Improving Critical Infrastructure Cybersecurity (Framework). Since its release in February 2014, the Framework has become an important benchmark for corporate cybersecurity programs. NIST’s update addresses industry input received from an October workshop and an August Request for Information. It also describes NIST’s plans to support future use of the Framework.
Democratic politicians are proposing a novel approach to cybersecurity: fine technology companies $100,000 a day unless they comply with directives imposed by the U.S. Department of Homeland Security.
Legislation introduced this week would allow DHS Secretary Janet Napolitano to levy those and other civil penalties on noncompliant companies that the government deems "critical," a broad term that could sweep in Web firms, broadband providers, and even software companies and search engines.