Pulse

By GCN Staff

Blog archive
Power plant

NIST to build cybersecurity framework, with your help

The federal government is seeking help from the public for ideas to boost cybersecurity measures for the nation’s critical infrastructure.

The National Institute of Standards and Technology has issued a request for information for what it calls the first step in the process to develop a Cybersecurity Framework.

The Cybersecurity Framework will be a set of voluntary standards and best practices to guide industry in reducing cyber risks to the networks and computers that support critical infrastructure vital to the nation's economy, security and daily life, according to the NIST announcement published in the Federal Register .

The RFI comes amid reports of widespread hacking attacks by China on U.S. and foreign institutions, as revealed by security firm Mandiant.

NIST is calling for ideas, recommendations and other input from critical infrastructure owners and operators, federal agencies, state and local governments, standards-setting organizations and other interested parties. It’s looking for information about current risk management practices; use of frameworks, standards, guidelines and best practices; specific industry practices; and more.

In announcing the initiative prior to releasing the RFI, NIST said it will use the input gathered to identify existing consensus standards, practices and procedures that have been effective and that can be adopted by industry to protect its digital information and infrastructure from the full range of cybersecurity threats.

The framework will not dictate “one-size-fits-all” solutions, but will instead enable innovation by providing guidance that is technology-neutral and recognizes the different needs and challenges within and among critical infrastructure sectors, NIST said.

President Barack Obama called for the framework to reduce cyber risks in a Feb. 12 Executive Order  on "Improving Critical Infrastructure Cybersecurity" for essential institutions such as power plants and financial, transportation and communications systems.

Stakeholder meetings are also a part of the framework process. The first meeting will be held April 3 at NIST headquarters in Gaithersburg, Md. Registration information is available here.

Comments are due by 5 p.m. Eastern Time on April 8, and should be e-mailed to cyberframework@nist.gov with the subject line: "Developing a Framework to Improve Critical Infrastructure Cybersecurity."

Posted by David Hubler on Feb 28, 2013 at 9:39 AM


Reader Comments

Fri, Aug 30, 2013 Building a Cybersecurity Framework http://www.cbinsight.com/building-cybersecurity-framework.html

Nice blog and thanks for sharing. In additions before buying Cyber Insurance be clear what the coverage objectives are and buy the product you need.

Fri, Mar 1, 2013

What? They already forgot we have the Google search engine?... This whole thing sounds phishy to me.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

resources

HTML - No Current Item Deck
  • Transforming Constituent Services with Business Process Management
  • Improving Performance in Hybrid Clouds
  • Data Center Consolidation & Energy Efficiency in Federal Facilities