Earlier this month, the National Institute of Standards and Technology (NIST) published the draft report of the National Security Council Cyber Interagency Policy Committee working group on standardization of cybersecurity. The report to Congress is a requirement of the Cybersecurity Enhancement Act of 2014.
The goal of the effort is to improve U.S. cybersecurity by promoting international standards, thereby raising overall cybersecurity in the connected world of 2015 and beyond. Numerous groups are already establishing standards, such as the IEEE, ISO, the payment card industry (PCI), and the Internet Engineering Task Force (IETF). There are more than 200 standards bodies developing standards in IT and internet communications systems. These standards directly affect interoperability as well as security and resilience.
The U.S. government is involved in these efforts via a combination of State Department activity and other relevant cabinet-level agencies such as Commerce, trade representatives, etc. Coordination of that effort falls to the Executive Branch and the office of the president. The diverse interests of the nation include security but also trade and access to markets. If the U.S. does not engage in the standards bodies, U.S. companies and interests may be left out of the discussion and see reduced market access.
The committee report includes 8 recommendations. These are a combination of technical and political objectives:
1. Ensuring U.S. government coordination
2. Promoting U.S. government participation in cybersecurity standards development
3. Developing timely and technically sound standards and assessment schemes
4. Leveraging U.S. public and private sector collaboration in standards development
5. Enhancing international coordination and information sharing
6. Supporting and expanding standards training for federal agency staff
7. Developing technically sound standards for cybersecurity that minimize privacy risk
8. Using relevant international standards to achieve mission and policy objectives
While none of the recommendations is earth-shattering, they depend on executive leadership and continued engagement with both domestic and international actors. Technology still moves much faster than policy and it will require sustained attention by both the present and future administrations to ensure that all U.S. interests are addressed.