Just as the U.S. Department of Commerce’s National Institute of Standards and Technology (“NIST”) completes its version 1.0 National Framework for Improving Critical Infrastructure Cybersecurity, California Attorney General Kamala Harris has made clear she intends a leadership role for California. With the just-published guide entitled “Cybersecurity in the Golden State: How California Businesses Can Protect Against and Respond to Malware, Data Breaches and Other Cyberincidents,” the Attorney General offers a simplified, brief, and plain-English version of cybersecurity protection directed toward small and medium-sized California businesses that likely lack the resources to hire full-time cybersecurity personnel.
The Guide’s “Practical Steps to Minimize Cyber Vulnerabilities” is based on acknowledged deficiencies in the devices, websites, and applications at the network’s edge, and on the need for users and businesses to discipline their behavior and increase their vigilance against threats posed by Internet thieves. The best practices outlined in the Guide are not unique to small or medium-sized businesses and overlap to a large extent with NIST’s perspective on threats and cyber recommendations from many sources. The NIST Framework provides greater detail and is more explicit in the latitude it provides for business judgments about the proportionality of precautions with respect to the specific risks posed by cybercriminals.
Both California’s Guide and NIST’s Framework seek to encourage organizations to analyze risks, determine needs, and outline plans to protect, detect, respond and recover when a cybersecurity breach occurs.
From California’s just-published guidance, one thing is clear. Just as the Attorney General took the lead in privacy efforts and is leading state attorneys general in their own investigation of the Neiman Marcus, Target, and Michaels Stores breaches, she is taking the lead in protecting California businesses and consumers against cybersecurity threats, both domestically and internationally, posed by Internet criminals. Stay tuned for more developments in this area.