An upcoming rewrite of the National Infrastructure Protection Plan will focus on evolving risks to cyber systems and address industry concerns about measurable outcomes, improved information-sharing and the need to establish common national priorities, according to a senior Department of Homeland Security official.
DHS must submit the revised protection plan, known as the NIPP, to the White House by Oct. 10, under Presidential Policy Directive 21 on critical infrastructure security and resilience. The NIPP addresses a range of threats...
The National Association of Manufacturers intends to convene a “focus group” of senior executives from small and mid-sized firms in the coming months to discuss the voluntary cybersecurity framework being developed by the National Institute of Standards and Technology.
The internal discussion is likely to come after NIST releases its preliminary framework for public comment on Oct. 10, according to NAM officials. The framework was mandated by President Obama's Executive Order 13636, with a final version due in February....
The U.S. military's embrace of offensive cyber weaponry ignores the ongoing vulnerability of the nation's critical infrastructure, including power grids and telecommunications networks, which could be targeted in retaliation for cyber attacks overseas, according to cybersecurity experts. The federal government is developing voluntary cybersecurity standards for critical infrastructure that partially address these concerns, according to one of the experts.
“I'm so against Stuxnet because we have a 'glass' infrastructure,” Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic...
Cybersecurity language in a defense authorization bill passed by the House could mean increased costs for contractors and a more intrusive role for military Internet traffic watchers, according to a coalition of industry associations.
The coalition last month sent an analysis of the language to Capitol Hill, taking issue with a section of the House bill, No. 934, that would require the Pentagon to notify the four congressional defense committees whenever investigations are launched into the suspected theft of what...
Federal officials at this week's cybersecurity workshop in Dallas should expect pointed questions about how companies measure cost effectiveness, set priorities and demonstrate adoption under the voluntary framework for critical infrastructure being developed by the National Institute of Standards and Technology.
With a month to go before NIST releases a preliminary framework for public comment, some industry representatives will go to Dallas pushing for a significant course correction. Others will encourage NIST to press ahead with what they see as...
Privacy protections in upcoming cybersecurity standards will have to be general enough to apply to various industry sectors but sufficiently prescriptive to conform with existing international requirements. This balancing act will pose a major challenge for industry and government officials meeting this week in Dallas to draft cybersecurity measures under an Obama executive order that assigns a high priority to protecting personally identifiable information (PII).
Cybersecurity is on the agenda as Congress returns this week from its August recess, although broad cyber bills appear to be on hold. House and Senate sources say the key committees are not ready to delve into cybersecurity legislation addressing information sharing, for instance, although cyber issues are popping up in other policy areas.
“I don't think a [cybersecurity] information-sharing bill would get a very warm reception right now,” commented an industry source, who said the enduring controversy over National...
The final version of House cyber information-sharing legislation is likely to make liability protection for industry contingent on sharing through a Department of Homeland Security portal, according to congressional sources.
The draft cybersecurity framework issued last week by the National Institute of Standards and Technology includes 55 pages of information on organizing a cybersecurity program within a company, detailed reference material, a new message for senior executives and “illustrative examples” of how the framework can work.
Despite the breadth of the draft, and a looming deadline to publish it for public comment, a top NIST official stresses that the framework is an evolving document still subject to change, and...
Foreign policy experts briefed congressional staff last week on the global implications of the Obama administration's upcoming cybersecurity standards, highlighting both the international drivers and challenges behind the effort.
The administration's standards, expected to be proposed next month, could serve as a “foundational document” for global cooperation on thwarting cyber attacks, according to James Lewis of the Center for Strategic and International Studies. Lewis spoke on Aug. 29 at a cybersecurity policy briefing in the Capitol for congressional staff and...
As the U.S. aviation sector, with help from foreign companies, works to establish its own Information Sharing and Analysis Center to better deal with cyber threats, a leading industry group has issued a framework for cybersecurity designed to spur common standards and a change in “culture.”
The aviation industry's efforts are attracting widespread attention because of the critical role the sector plays in the economy and the international implications of a cyber attack.
A first-of-its-kind report on U.S.-China trade relations is expected to suggest the United States has limited leverage to counter highly publicized incidents of Chinese cyber espionage. The report is being written at the same time that the Obama administration is developing voluntary cybersecurity standards for U.S. businesses, and the findings may offer a road map for encouraging international cooperation to thwart cyber theft.
The report will be written over the next few months by the Peterson Institute for International Economics...
Federal officials today released a draft framework on voluntary cybersecurity standards for critical infrastructure that significantly fleshes out the universe of best practices, offers new language on assessing the implementation of the standards, and takes a first stab at defining privacy requirements.
The draft, produced by the National Institute of Standards and Technology, will be the focus of a public workshop in Dallas next month. NIST plans to release what it calls the preliminary version of the framework on...
On Aug. 28, 2013, the National Institute of Standards and Technology released its "discussion draft of the preliminary cybersecurity framework" called for by the president in Executive Order 13636.
The draft cybersecurity framework due out this week will offer industry representatives a chance to evaluate whether the federal government is crafting the type of cost-effective, technology-neutral voluntary program they say is necessary to win buy-in from the private sector.
The Obama administration has stressed its commitment to a voluntary cybersecurity program, but the possibility of mandatory standards continues to worry many industry representatives. Administration officials acknowledge that other steps will be needed if they build what they consider to...
The Obama administration's push for cybersecurity standards is expected to spur applications for liability relief under the SAFETY Act, according to industry lawyers and consultants. And the anticipated use of the SAFETY Act could help soften the impact of a congressional stalemate over liability exemptions for industry to counter cyber attacks.
The standards, which are being developed by the National Institute of Standards and Technology, will “better define the path” for industry to seek certification from the Department of Homeland...
The Obama administration this week will release a draft cybersecurity framework that acknowledges different levels of implementation are appropriate for different types of companies, according to sources who have been briefed on the upcoming document.
The National Institute of Standards and Technology will move away from the Framework Implementation Level -- or FIL -- nomenclature used in earlier iterations of the framework, the sources said, and offer less “judgmental” language on entities' cyber readiness. NIST officials declined to comment before...
The Department of Homeland Security last week collected a new batch of industry recommendations on cybersecurity information sharing, with a particular emphasis on the need for a safe harbor limiting companies' legal liability when they share information with the government and among themselves.
The scope of any safe harbor has been a central issue as the Obama administration works to implement Executive Order 13636 on cybersecurity and develops a framework of voluntary industry standards. Liability protection is also particularly...
Federal efforts to secure cyberspace could be better assisted by the Pentagon, a major player in cybersecurity whose role beyond military applications has yet to be clearly defined, according to cybersecurity experts.
The Defense Department has “tons of capability” that could be brought to bear in the broader fight against cyber attacks, noted Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council. DOD “can help the policy people think through all this,” he added. But whether those...