Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Commerce Acting Under Secretary Encourages Business to take Active Role in Corporate Cyber Security

NIST Acting Director Willie May at the CYBER Conference

NIST Acting Director Willie May at the Board Agenda: CYBER Conference, April 17, 2015.

Credit: Heyman/NIST

The acting Under Secretary of Commerce for Standards and Technology today called on corporate CEOs and board members to take active roles in managing how their institutions deal with cybersecurity risks.

Speaking at the "Board Agenda: CYBER" conference in Washington, D.C., Dr. Willie May said, "As CEOs, board members, or other senior leaders of your organizations, managing cyber risks is one of the most important things you can do to protect your assets, your customers, and your companies." May also is the acting director of the National Institute of Standards and Technology (NIST).

May said that top corporate managers should review and consider using the Framework for Improving Critical Infrastructure Cybersecurity, a voluntary guidance document issued by NIST a year ago last February. The product of a year-long collaboration of cybersecurity and management experts from the federal government, industry and academia, the framework was designed to be a risk management approach that builds on recognized best practices and standards for cybersecurity.

May said preventing all successful cyber attacks is likely not possible, however a company can use the framework to help make successful attacks substantially more difficult and to facilitate rapid detection and recovery. "The goal is a balanced approach that both protects and quickly detects when something is amiss. And it's one that emphasizes being prepared with a strong response and recovery plan," he said.

May said that the framework already is being used effectively by firms ranging from major multinationals to small businesses. The full prepared text of May's remarks is available from the NIST website.

Released April 17, 2015, Updated July 24, 2018