Since release of the final version of the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity there has been widespread discussion about the value and effectiveness of the Framework for utilities and those other entities which make up the critical infrastructure sectors. Some have argued that the Framework has already been out-paced by industry specific guidelines (such as the recently approved FERC Standards), and lacks enforcement "teeth" because it is voluntary. While as a general matter I agree with the latter point, neither argument answers the most important question about the Framework’s worth. Will it help me achieve better cybersecurity? I believe that the Framework, will provide critical infrastructure businesses with far greater cybersecurity value and effectiveness than is now generally acknowledged. Why is this true?

To read the full text by Joseph M. Burton, please visit the Intelligent Utility website.