"The national and economic security of the United States depends on the reliable functioning of critical infrastructure. To strengthen the resilience of this infrastructure, President Obama issued Executive Order 13636 (EO), 'Improving Critical Infrastructure Cybersecurity' on February 12, 2013. This Executive Order calls for the development of a voluntary Cybersecurity Framework ('Framework') that provides a 'prioritized, flexible, repeatable, performance-based, and cost- effective approach' for assisting organizations responsible for critical infrastructure services to manage cybersecurity risk. Critical infrastructure is defined in the EO as 'systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.' Due to the increasing pressures from external threats, organizations responsible for critical infrastructure need to have a consistent and iterative approach to identifying, assessing, and managing cybersecurity risk. The critical infrastructure community includes public and private owners and operators, and other supporting entities that play a role in securing the Nation's infrastructure. Each sector performs critical functions that are supported by information technology (IT), industrial control systems (ICS) and, in many cases, both IT and ICS. To manage cybersecurity risks, a clear understanding of the security challenges and considerations specific to IT and ICS is required. Because each organization's risk is unique, along with its use of IT and ICS, the implementation of the Framework will vary."