
NIST Cybersecurity Standards

A quick summary of the NIST cybersecurity framework

Image courtesy of NIST

President Barack Obama ordered the framework's creation in 2013 via an Executive Order, and it came into being in 2014 through the US National Institute of Standards and Technology (NIST). These cybersecurity standards were designed specifically to protect vital computing infrastructure.

Commonly contracted to CSF (for Cybersecurity Framework), it is now the de facto standard. Its function is to define a five-step process to Identify, Protect, Detect, Respond, and Recover from security breaches.

Consequent to its success, the CSF has been adopted by many governments, not in a battle against each other, but in the ongoing fight against criminal elements who have no regard for a nation’s sovereignty and seek to cause harm. Its wide adoption has seen it translated into many languages, including Russian, Spanish, Italian, French, and Japanese.

Businesses know what works

Companies recognize a good thing when they see it, particularly if they are considered primary targets for hackers. Microsoft jumped on the bandwagon, right along with Intel; financial institutions like JP Morgan Chase and the Bank of England came on board; they were joined by infrastructure organizations such as the Ontario Energy Board and Nippon T&T Corporation. Adoption stands at more than 30% in the US alone.

It’s a framework

You should be aware, however, that you cannot "comply" with a framework. The core of the CSF is a massive spreadsheet of 20 pages. Its purpose is to help your company meet its own cybersecurity requirements. The CSF was created to help you help yourself.

Nothing is 100% safe

The difficulty, however, is that companies don’t know how to proceed with implementing the recommendations of the CSF to keep themselves safe. This is why there are expert intermediaries like Blumira that understand all the subtleties, convolutions, back checks, interrelationships, and strategies that make it work.

The simple fact of the matter is that protection is not always successful. These criminal hackers have the time, resources, and money to overcome your best-laid security plans. Keeping them out is truly impossible, but making that access as difficult as possible is essential.

Once they do manipulate their way in, detection and response are essential. Failure to do so brings on analogies involving bulls and china shops, not to mention litigation, lawsuits, and liability, on top of the loss of community respect. You cannot take this lightly.

The five steps

  1. IDENTIFY: you have to know where you are beginning, so you understand your legal, regulatory, and moral obligations; identify software and hardware assets so they can be managed; identify your role in infrastructure or the Supply Chain; and identify how you will cope with a Supply Chain breakdown.
  2. PROTECT: by providing staff with awareness training; by matching response to risk factors; by creating information protection strategies; by creating ID Management and Access strategies; by using protective technologies (e.g., USB single-use code generator key fobs) to control access.
  3. DETECT: by utilizing Remote Maintenance and Monitoring 24/7 to immediately recognize threats; by using pseudo attacks to assure the system is identifying and responding correctly; by recording anomalies and events so they can be studied.
  4. RESPOND: including managing communications during the threat; making sure the correct response is implemented for an identified threat (use the NASA strategy of “Don’t do anything until you understand the problem, because you’ll likely make it worse.”); following policies (isolating systems) to minimize the spread; then making sure that forensic analysis takes place after the event to improve responses.
  5. RECOVER: this can include numerous strategies, such as a complete wipe of the system and restoring from the most recent backups. If you’re using multi-site servers (Cloud or Private), once a system is clean you can import a copy from elsewhere, putting you right back in business in just hours.

Other essential elements include study of the incident and building on what was learned. Most painful is reporting to the media, especially if customers were affected: sincerely apologizing, explaining the consequences, how they can check to see if they were affected, and your mitigation strategies to prevent such things in the future.

Unfortunately, most IT departments lack the experience to interpret and set up the CSF effectively. It is, admittedly, a very complex process with thousands of variables. In most cases, it would be unfair to expect your IT department to add all this additional labor onto their current workload and still be effective in all their other duties. You’re going to need some outside support.

Blumira can help

Let’s be honest, the best thing that can happen is that we all get through steps one, two, and three before anything disastrous happens, and that step four works perfectly. Nobody wants to deal with the PR problems of step five if they can be avoided. That’s why you need Blumira to help you implement threat detection and response, and to do it cost-effectively. Unlike traditional SIEMs, Blumira works without a 24/7 SOC and integrates with your existing cybersecurity protocols. Our intuitive threat detection software disrupts threats before they happen and provides your existing IT teams with actionable items to mitigate threats. In the end, your company has peace of mind that its data and credibility are intact, without the deployment of extra agents.

The takeaway

It’s not your specialty (you can’t know everything), but now you know someone that does understand the challenge intimately: Blumira.

Getting ahead of the problem is 99% of the battle. Request a demo to learn more, so you can truly understand the scope of the situation you will find yourself up against.
