The National Institute of Standards and Technology (NIST) invites the public to comment on a report from the Feb. 12, 2015, Executive Technical Workshop on Improving Cybersecurity and Consumer Privacy. The workshop, a collaboration with Stanford University, brought together chief technology officers, information officers and security executives to discuss the challenges their organizations and industrial sectors face in implementing advanced cybersecurity and privacy technologies.
The focus of the meeting was on organizations such as those in the retail, hospitality or health care industries that deal directly with consumers and transmit or store data from clients, customers or patients. The draft report, Executive Technical Workshop on Improving Cybersecurity and Consumer Privacy (NIST IR 8050), summarizes the participants' key points and suggests areas for future cybersecurity efforts led by NIST.
"We'd like to hear from workshop participants and those who couldn't be there to help us develop and prioritize future NIST cybersecurity projects," said Donna Dodson, chief cybersecurity advisor for NIST. "Feedback such as this helps us ensure that we focus our efforts on projects that would be of the most value to industry and consumers."
Workshop participants represented a wide variety of sectors and organizations in a range of sizes. Despite their organizational differences, they agreed on many broad points, including:
- Both organizations and consumers are responsible for safeguarding digital assets, and organizations can help consumers realize stronger cybersecurity protections through education, training and privacy policies that are more transparent and clear—and security measures that are easier for consumers to use.
- People who develop software and applications need security tools that are easier to include in their products.
- Cybersecurity products and services must be easier for security technologists to use.
- The entire cybersecurity community—including government, industry and academia—needs to work together to address large issues. Participants asked NIST to act as a convener for these efforts.
The National Cybersecurity Center of Excellence (NCCoE) played a large role in organizing the meeting, with participation from NIST staff who work on many aspects of cybersecurity including the Framework for Improving Critical Infrastructure Cybersecurity, the National Initiative for Cybersecurity Education (NICE) and the National Strategy for Trusted Identities in Cyberspace (NSTIC). All of these groups would participate in projects that might result from the February meeting, particularly the NCCoE, which concentrates on developing practical, real-world cybersecurity approaches that can be rapidly implemented.
NIST will host a public meeting from 1 to 3 p.m. Pacific time on April 21, 2015, at 835 Market Street, San Francisco. The site is on the downtown campus of San Francisco State University and within walking distance of the USA 2015 RSA conference being held April 20-24 at the Moscone Center. A second meeting will be scheduled for early summer 2015 to receive feedback and further refine the scope of the projects listed in the report.
The summary document can be found on the NCCoE website. The comment period will run through July 17, 2015.* Comments can be submitted via a form at http://nccoe.nist.gov/consumer or to firstname.lastname@example.org, and will be made publicly available after review.
*This article was updated on May 14, 2015, to reflect an extension of the comment period from May 17 to July 17, 2015.