The White House released new guidelines Wednesday advising American businesses on how best to beef up their cybersecurity.
In 39 pages, the National Institute of Standards and Technology laid out advice on detecting and recovering from online threats. That includes 1) advice on who to trust with passwords, 2) how to work cybersecurity training into worker orientation and 3) when to contact law enforcement agencies after an attack.
This cybersecurity "framework" comes exactly one year after President Obama asked for such a report in an executive order. (Via The White House / Pete Souza)
These tips are meant to help businesses protect themselves from the kind of hacking that recently exposed personal information belonging to millions of consumers at stores including Target and Neiman Marcus. (Via WJLA, KARE)
Cybersecurity is also a major concern for infrastructure facilities like power plants, identified by the government long ago as potential targets for online attacks. (Via Wikimedia Commons)
But without any action from Congress to require new security standards, the Obama administration's guidelines are just that: guidelines. And that's why critics of the document released Wednesday say it's not doing anyone any good.
One such critic, a security firm CEO, said most businesses will see little reason to follow the report's suggestions. He tells NBC: "When you're asking companies to spend money to keep their lights on, or spend it on cybersecurity, you can guess what wins every time."
In a statement released Wednesday, Obama himself seemed to give some ground on this point, saying: "While I believe today’s Framework marks a turning point, it’s clear that much more work needs to be done to enhance our cybersecurity."
The president also specifically asked Congress to pull together legislation that would put real incentives in place for improved cybersecurity in the private sector. Until that happens, many parts of the nation's economy and energy infrastructure remain at risk.