Registration is now open for the fourth in a series of workshops to bring together representatives from government, industry and academia to establish a voluntary Cybersecurity Framework that will help reduce risks to critical infrastructure. The workshop will be held Sept. 11-13, 2013, at the University of Texas at Dallas, and will be the final public session before the preliminary framework is formally released later this year.
Executive Order 13636, Improving Critical Infrastructure Cybersecurity, directed the National Institute of Standards and Technology (NIST) to work with stakeholders to develop a framework consisting of standards, guidelines and best practices to promote the protection of critical infrastructure. NIST will release a preliminary framework for public comment in October 2013, and the final framework in February 2014.
"The focus of the Dallas meeting will be on the first full draft that we plan to make available in August. That draft will reflect input from critical infrastructure stakeholders provided in previous workshops, and in Dallas, we want to make sure we provide a chance to get direct and extensive feedback on the draft," said Adam Sedgewick, senior information technology policy advisor at NIST.
The Dallas workshop will be preceded by an "Executive Order primer" on Tuesday, Sept. 10, for participants who are new to the framework development process and to ensure that there is a good understanding of how the framework can be adopted by organizations.
NIST has released an update of the framework's development, based on input received at the most recent workshop, held July 10-12, 2013, in San Diego, Calif., as well as at two prior sessions and an earlier "Request for Information." At the July working meeting, more than 350 representatives from critical infrastructure owners and operators, industry associations, standards developing organizations, and government reviewed a draft outline of the preliminary framework and discussed structure, informative references and implementation levels. Breakout sessions covered executive engagement, awareness, privacy and small business considerations, among other topics. Videos of the plenary sessions are available on NIST's website.
"We consider this a long-term process to enhance the cybersecurity of our critical infrastructure," said Sedgewick. "NIST will continue to work with all of our stakeholders to ensure the framework is a useful tool that is consistently updated to reflect changes in technology, risks, feedback from industry and other factors."
On July 25, 2013, Under Secretary of Commerce for Science and Technology and NIST Director Patrick Gallagher testified before the Senate Committee on Commerce, Science and Transportation to describe NIST's collaboration with the private sector to develop the framework.
All organizations and individuals are invited to contribute to the development of the Cybersecurity Framework by contacting NIST at firstname.lastname@example.org. Key links:
- To register for the September meeting in Dallas: www.nist.gov/itl/csd/4th-cybersecurity-framework-workshop.cfm
- To review materials related to the framework, including videos of previous meetings: www.nist.gov/itl/cyberframework.cfm
- To get the current update on the framework development process: www.nist.gov/itl/upload/NIST-Cybersecurity-Framework-Update-072413.pdf
- To see videos of the San Diego meeting plenary sessions: www.nist.gov/itl/csd/3rd-cybersecurity-framework-workshop-webcast.cfm
- To read Director Gallagher's Senate testimony: http://go.usa.gov/jmRx