• Cybersecurity

    Cybersecurity is an important issue to AFPM members. We have had a Cybersecurity Subcommittee under the Operational Planning Control & Automation Technologies Committee since 2005. This subcommittee has provided technical feedback on legislation and regulatory efforts. However, many of the cybersecurity issues we presently face (e.g., executive orders and information sharing) need not only technical feedback but also feedback from higher levels in our companies. The members of the AFPM Government Regulations Committee, who also receive our emails on cybersecurity issues, are very much engaged with other industry issues.

    AFPM Position

    Cybersecurity demands proactive thinking by IT, industrial control systems, physical security and executive-level staff. To that end, we suggest a standing ad hoc group of Chief Information Officers and those at that level from our membership, both regular and associate members, to review draft legislation and proposed regulatory requirements, and to help us engage more fully in these efforts. We believe that by having this ad hoc group, along with the existing Cybersecurity Subcommittee, we will be able to fully cover both technical and advocacy issues in cybersecurity.

    AFPM also supports efforts to allow and encourage member companies to freely share information with the government and other private companies—in a timely manner and secure environment—while also being provided with adequate liability and antitrust protections. Importantly, cybersecurity legislation should not impose mandatory standards on the private sector nor duplicate existing requirements already being implemented.

    NIST Cybersecurity Framework

    Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, the President issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. It directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices – for reducing cyber risks to critical infrastructure.

    NIST released the first version of the Framework for Improving Critical Infrastructure Cybersecurity on February 12, 2014. The Framework, created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.

    NIST Framework