The National Institute of Standards and Technology has issued a security guideline that works to address ways to engineer systems that can operate continuously amid various disruptions, threats and hazards.

NIST Fellow Ron Ross wrote in a blog post published Tuesday the Special Publication 800-160 Systems Security Engineering guide was developed after four years of research and development.

“Our fundamental cybersecurity problem can be summed up in three words—too much complexity,” Ross wrote.

“There are simply too many bases—all the software, firmware, and hardware components that we rely on to run our critical infrastructure, business, and industrial systems—for us to cover as it is, and we’re adding to the number of bases all the time,” he added.

Ross noted increased complexity gives adversaries “limitless opportunity” to attack vulnerabilities in underlying systems.

Fundamental weaknesses in system architecture and design can be mitigated through a “holistic approach” based on systems security engineering techniques and design principles, according to Ross.

The security engineering approach is designed to help systems block penetration; limit damage from disruptions, hazards and threats; and continue to support missions and business operations after security incidents, Ross stated.

Organizations should integrate engineering-based security design principles at physical and virtual levels to address vulnerabilities, Ross said.

Navy Adm. Michael Rogers, director of the National Security Agency, has said the “arbitrary lines” between public and private property have resulted in “uneven” cooperation between the private sector and government in the campaign against cyber attacks, the Wall Street Journal reported Tuesday.

Rogers told attendees at The Wall Street Journal CEO Council that approximately two-thirds of cyber hackers are criminal groups that seek financial gain through data theft while the rest are state-sponsored network threat actors, the Journal’s Alan Cullison wrote.

“My point is that cyber does not recognize these arbitrary lines that we have drawn — it doesn’t recognize the geography,” Rogers said.

“Network structures in the world wide web [are] not organized that way. Our adversaries don’t work that way,” he added.

Rogers, who is also chief of the Cyber Command, called on company executives to get involved in cybersecurity and urged U.S. firms to provide the government access to their networks in order to defend data infrastructure from cyber threats, the report said.

The Department of Homeland Security has released a set of principles to detail new approaches and suggested practices on how to secure technologies associated with the Internet of Things.

DHS said Tuesday the principles were established to guide stakeholders on risk-based security decisions such as the design, manufacture and use of internet-connected devices and systems.

“Securing the Internet of Things has become a matter of homeland security,” said Jeh Johnson, secretary of homeland security.

“We increasingly rely on functional networks to advance life-sustaining activities, from self-driving cars to the control systems that deliver water and power to our homes.

DHS noted the principles focus on areas such as security at the design phase, security updates and vulnerability management, security practices, transparency across the IOT ecosystem and careful and deliberate connection.

The principles were also established to provide stakeholders with tools to help account for security as organizations develop, manufacture, implement or utilize network-connected devices.

The National Institute of Standards and Technology has collaborated with the U.S. Coast Guard and the oil and natural gas industry to develop a cybersecurity document that aims to ensure the safe transfer of hazardous liquids from marine vessels to ground pipelines and vehicles.

NIST’s National Cybersecurity Center of Excellence developed the cybersecurity framework profile in an effort to help risk managers, vessel operators, cyber professionals and operations executives evaluate cyber risks related to the “maritime bulk liquid transfer” process, NIST said Thursday.

The maritime bulk liquid transfer process depends on computers to monitor sensors as well as run pumps and valves.

The profile seeks to comply with the Framework for Improving Critical Infrastructure Cybersecurity that NIST published in 2014 and provides organizations guidance on security controls for information technology and operational technology platforms that include pressure, transfer, storage, emergency response, spill mitigation and vapor monitoring systems.

Lt. Josephine Long, a marine safety expert at the critical infrastructure branch within USCG’s office of port and facility compliance, said USCG plans to partner with NCCoE to create additional cyber profiles for passenger vessel, mobile offshore drilling and terminal operations.