As result of President Obama’s Executive Order on steps to improve critical infrastructure cybersecurity, the National Institute on Standards (NIST) was tasked to develop a framework to improve U.S. critical infrastructure cybersecurity. Published in February 2012, the framework is the result of collaboration between government and the private sector. Over the summer, the administration started taking the framework to international partners. The United States already has close cooperation and shared infrastructure with Canada and Mexico. The international effort is designed to advance objectives in developing global norms.
As the growth in the Internet shifts to what used to be considered the developing world, the emerging markets of Africa, Asia, and Latin America will become increasingly important economic partners. Economic partners with ever growing critical infrastructure concerns. While U.S. standards are not immediately ready for implementation in other countries due to differences in law and custom, especially in areas dealing with privacy concerns and the nature of the public-private sector partnership, international standards organizations do exist and can be leveraged to improve global critical infrastructure protection. The International Organization for Standardization (ISO) offers guidelines and cybersecurity certification in the information technology sector under the ISO/IEC 27000 series. Additionally the International Society for Automation (ISA) which focuses on the control systems that drive many of the devices in the critical infrastructure universe offers certification.
Workforce development in this area is key to going forward in the developing world. At the intergovernmental level, the Meridian Process provides a forum for government policy makers. This series of conferences offers a means to exchange best practices in an interconnected world. The next meeting is planned for November in Tokyo, Japan. Ultimately, global critical infrastructure protection is a team sport. Exploits from one geography are quickly exported. The next Shellshock could well be in CIP control systems. International coordination and the establishment of international standards work to improve the system for all.