The US government released its draft cybersecurity guidelines on Tuesday to address a range of cyber threats on critical infrastructure.
According to a report by Wall Street Journal, the guidelines a voluntary for companies including big banks, oil firms and large pharmaceuticals considered vital to US security.
The US National Institute of Standards and Technology will finalize the document in early 2014 after receiving feedback from the public. The 47-page draft document, which included input from around 3,000 experts, builds on the executive order on cybersecurity released in February.
The executive order included two main components, voluntary information sharing and the development of a cybersecurity framework.
The core of the framework includes five functions: Identify, Protect, Detect, Respond and Recover.
A report by WSJ is critical of the draft, which it said doesn’t create a sense of urgency around certain issues, and weighs all of the recommendations the same. NIST said that a blanket list of priorities is unfeasible since the document is designed to cover a wide range of companies and industries.
While the framework is voluntary, government-enforced cybersecurity guidelines and best practices could be profitable to service providers who provide security services to enterprises with critical infrastructure.