NIST to build cybersecurity framework, with your help


The federal government is seeking help from the public for ideas to boost cybersecurity measures for the nation’s critical infrastructure.

The National Institute of Standards and Technology has issued a request for information for what it calls the first step in the process to develop a Cybersecurity Framework.

The Cybersecurity Framework will be a set of voluntary standards and best practices to guide industry in reducing cyber risks to the networks and computers that support critical infrastructure vital to the nation’s economy, security and daily life, according to the NIST announcement published in the Federal Register.

The RFI comes amid reports of widespread hacking attacks by China on U.S. and foreign institutions, as revealed by security firm Mandiant.

NIST is calling for ideas, recommendations and other input from critical infrastructure owners and operators, federal agencies, state and local governments, standards-setting organizations and other interested parties. It’s looking for information about current risk management practices; use of frameworks, standards, guidelines and best practices; specific industry practices; and more.

In announcing the initiative prior to releasing the RFI, NIST said it will use the input gathered to identify existing consensus standards, practices and procedures that have been effective and that can be adopted by industry to protect its digital information and infrastructure from the full range of cybersecurity threats.

The framework will not dictate “one-size-fits-all” solutions, but will instead enable innovation by providing guidance that is technology-neutral and recognizes the different needs and challenges within and among critical infrastructure sectors, NIST said.

President Barack Obama called for the framework to reduce cyber risks in a Feb. 12 Executive Order on “Improving Critical Infrastructure Cybersecurity” for essential institutions such as power plants and financial, transportation and communications systems.

Stakeholder meetings are also a part of the framework process. The first meeting will be held April 3 at NIST headquarters in Gaithersburg, Md. Registration information is available here.

Comments are due by 5 p.m. Eastern Time on April 8, and should be e-mailed to cyberframework@nist.gov with the subject line: “Developing a Framework to Improve Critical Infrastructure Cybersecurity.”

Posted by David Hubler on Feb 28, 2013 at 9:10 AM