The U.S. government on Wednesday released the final version of standards meant to help companies in nationally critical industries better defend against cyberattacks, and officials now face the challenge of getting the private sector to adopt the voluntary measures.
Criticized for being too vague and toothless, the so-called cybersecurity framework turned a vast amount of industry input into guidelines designed for 16 different sectors whose disruption could be devastating to the country.
The release from the National Institute of Standards and Technology comes exactly one year after President Barack Obama issued an executive order directing the agency to compile voluntary minimum cybersecurity standards as one step to counter the lack of progress on cybersecurity law in Congress.
In the fall of 2012, then-Defense Secretary Leon Panetta warned that the country faces a potential "cyber Pearl Harbor."
"While I believe today's Framework marks a turning point, it's clear that much more work needs to be done to enhance our cybersecurity," Obama said in a statement.
"I again urge Congress to move forward on cybersecurity legislation that both protects our nation and our privacy and civil liberties," he said. "Meanwhile, my Administration will continue to take action, under existing authorities, to protect our nation from this threat."
The framework, drafted by the nonregulatory government agency in consultation with thousands of industry experts, offers broad benchmarks for companies to measure the effectiveness of their cyberdefenses.
The Obama administration had faced intense pushback from the private sector on its earlier effort to mandate cyberdefense standards, which contributed to stalled legislation. Now, the White House hopes companies voluntarily adopt the framework they have helped draft.
"This voluntary Framework is a great example of how the private sector and government can, and should, work together to meet this shared challenge," Obama said. A senior administration official called the framework the beginning of a "continuing common-sense conversation" about protecting the nation's critical assets from cyberattacks.
"I think that the NIST standards will become over the next year or two, while we are waiting for legislation, the de facto best practices, just because they are accessible and current," said Jonathan Fairtlough, managing director at Kroll Advisory Solutions' cyberinvestigations practice.
Will they adopt?
Cybersecurity experts warn that relentless efforts to hack into U.S. banks and financial institutions, the power grid and other critical infrastructure, paired with instances of disruptive attacks abroad, pose a national security threat.
The issue recently became a household topic after hackers stole about 40 million credit and debit card records and 70 million other records with personal customer data from the third-largest U.S. retailer, Target.