The Defense Department has proposed major changes to an emerging federal cybersecurity framework to strengthen risk management and stress the resiliency needed for continued operations amid incidents that degrade network performance. The voluntary framework, which is being developed by the National Institute of Standards and Technology for critical infrastructure companies, is "structured for top-down risk management," DOD writes in comments filed on Dec. 16, but risk management "works better as a holistic process of organizational behavior that includes engagement at...
