WASHINGTON (USA TODAY) - The Obama administration on Wednesday released the final version of its "cybersecurity framework," a best practices guide for banking, defense, utilities and other industries to help protect themselves against attacks by hackers.
The framework, which sets voluntary guidelines for critical industries, comes after President Obama signed an executive order last year that called on the Commerce Department to develop the guidelines.
The president issued the executive order only after failing to persuade Congress to pass legislation requiring companies to better defend their networks.
"While I believe today's framework marks a turning point, it's clear that much more work needs to be done to enhance our cybersecurity," Obama said in a statement. "America's economic prosperity, national security and our individual liberties depend on our commitment to securing cyberspace and maintaining an open, interoperable, secure and reliable Internet. Our critical infrastructure continues to be at risk from threats in cyberspace, and our economy is harmed by the theft of our intellectual property."
Obama, who first made the call to create the guidelines in his 2013 State of the Union address, specifically called on the government to tap private industry and come up with a plan to improve information-sharing with the private sector and raise the level of cybersecurity across critical U.S. infrastructure by encouraging widely accepted standards and best practices, all while keeping civil liberty concerns in mind.
The framework is built around five broad categories - identify; protect; detect; respond; and recover - that companies should consider in cybersecurity planning. Department of Homeland Security Secretary Jeh Johnson also announced Wednesday that his agency was starting a program that will help companies implement the framework.
The current framework does not include tax breaks or other financial incentives, something that could give industry the push it seeks to adopt the framework. Still, even without financial incentives, the White House believes that companies will embrace the framework.
"There's an enlightened self-interest here that we are counting on," said a senior administration official, who was not authorized to comment and requested anonymity.
The tech industry has been skeptical - if not outright critical - of the president's handling of the National Security Agency imbroglio. They claim the NSA's practices are costing them billions of dollars in sales in Europe and Asia to customers who fear American products have been compromised by the agency.
On Wednesday, at least, one major tech group said it was encouraged by the framework. "We are confident" it will "preserve IT innovation and technology neutrality," the Software & Information Industry Association said in a statement.
AT&T CEO Randall Stephenson acknowledged there is no need to motivate executives at his company on the issue.
"There is nothing more brand-affecting for a company like AT&T than cybersecurity and exposure in cybersecurity," Stephenson said. "And there is nothing that is more impactful to our customers if we're not doing everything we can from a cybersecurity standpoint."
Commerce Secretary Penny Pritzker said the framework is intended to be a "living document" to assist what should be an industry-driven effort to bolster cybersecurity.
"Today is not the end point," Pritzker said. "Instead, the framework is a starting point."