NIST Seeks Private-Sector Input at Cybersecurity Framework Workshop
From NIST Tech Beat: June 20, 2013
The National Institute of Standards and Technology (NIST) has opened registration for its 3rd Cybersecurity Framework Workshop, to be held July 10-12, 2013, in San Diego, Calif.
Executive Order 13636,* "Improving Critical Infrastructure Cybersecurity," gave NIST the responsibility to work with industry to develop a voluntary "framework"—incorporating existing standards, guidelines and best practices—that institutions could use to reduce the risk of cyber attacks. Critical infrastructure includes those industries vital to the nation's economy, security and health such as finance, energy, transportation, food and agriculture and health care.
More than 700 people attended NIST's first two workshops, in Washington, D.C., and Pittsburgh, with more than 2,500 people participating online. The workshops aim to bring together a broad set of participants from critical infrastructure owners and operators, industry associations, standards development organizations, individual companies and government agencies. The goal is to maximize private-sector input in developing the framework. Participants will be expected to actively assist in the framework development process through hands-on participation in breakout sessions.
“San Diego is an ideal location for this meeting because of the presence of academic centers, such as ours, a burgeoning high-tech and life sciences industry, and some of our nation’s most critical military bases and organizations,” said UC San Diego Chancellor Pradeep K. Khosla. “The San Diego region has launched several significant cyber security initiatives, recognizing that the outcome may be critical to our economic well-being and social fabric. We expect this workshop will attract many local business and civic leaders who want to have a voice in this process and its outcome.”
"We're holding these workshops in different parts of the country, but our focus is on the nation's critical infrastructure," said project leader Adam Sedgewick. "We have received considerable input already, but we look forward to hearing from both new industry representatives and those who are already engaged with the framework development. We will provide a draft outline and describe the approach of the framework, so it is a crucial time for all relevant industries to be involved to help us fill in the gaps and produce a framework that will be effective and widely used on a voluntary basis."
NIST expects the third workshop to result in a more detailed draft of the Cybersecurity Framework and a corresponding list of current standards, guidelines and practices, as well as important gaps. A final workshop is being planned for September 2013, after which NIST will release the official preliminary framework for public comment. According to the executive order, the final framework must be completed in February 2014.
Register to attend on the workshop webpage. The event is being hosted by the University of California, San Diego, and the National Health Information Sharing and Analysis Center.
Attendees should review the outline of the draft framework in advance. It is expected to be available by the end of June; registrants will be notified when the draft is posted. That site includes details on the framework development process such as links to comments received through a Request for Information, transcripts and video from the previous workshops and information on future workshops.
*"Improving Critical Infrastructure Cybersecurity" is available online.
Jan Zverina, SDSC Communications
858 534-5111 or firstname.lastname@example.org
Warren R. Froelich, SDSC Communications
858 822-3622 or email@example.com
Jennifer Huergo, NIST