Yesterday’s Executive Order on Cyber Security to impact U.S. Standards Development

President Obama’s February 12th Executive Order, Improving Critical Infrastructure Cybersecurity, is definitely going to impact the standards community.  In it, the President specifically states “It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties. We can achieve these goals through a partnership with the owners and operators of critical infrastructure to improve cybersecurity information sharing and collaboratively develop and implement risk-based standards.”

First steps include the development of methodologies for identifying specific threats and providing unclassified government reports that can be widely shared with industry.  In the classified arena, the Defense Industrial Base pilot will be renamed and expanded as the Enhanced Cybersecurity Services program, for companies and individuals with security clearances.

NIST (the National Institute of Standards and Technology) will spearhead the development of a Cybersecurity Framework.  This framework will include a set of standards, methodologies, procedures, and processes to address cyber risks.

NIST has been playing an active role in recent years in bringing together regulators and industry standards developers in order to align the interests of government with the resources and infrastructure development provided by U.S. industry associations.

As far as industry is concerned, organizations to watch include:

  • the Internet Security Alliance, a consortium focused on developing policy and providing advocacy
  • ANSI (the American National Standards Institute), spearheading a joint standards-development strategy
  • IEEE, working on standards in the area of electric utility control systems
  • ISA (International Society of Automation), providing standards on computerized control system security
  • ISO/IEC JTC1 (Joint Technical Committee 1), developing security management systems at the international level
  • IETF (Internet Engineering Task Force), the fundamental Internet standards developer
  • ITU-T Study Group 17, developing Recommendations on cybersecurity

You should also be aware that since 9/11, one notable area of joint effort has been the ANSI Homeland Security Standards Panel.  This forum for the co-ordination of standards development between ANSI accredited standards developers and the Department of Homeland Security is sure to be a part of this new cybersecurity effort.

Congress has been working on a similar piece of legislation, the Cyber Information Sharing & Protection Act (CISPA), which so far hasn’t managed to be passed.  This is another reporting effort, this time providing for information sharing between private companies and the government about cyber threats.  The executive order only provides for information sharing from government to industry, lessening concerns about the transmittal of private information without permission.

You can expect that, as with healthcare information, when the government decides to set a firm course on how it will secure and exchange this type of information, there is a great deal of opportunity for the players in this space.  And the final results will impact our information infrastructure far beyond the scope of work as currently defined.

Find out more about Document Center Inc. at our website, www.document-center.com.  Or contact us by phone (650-591-7600), fax (650-591-7617) or email (info@document-center.com).  We’re in the business of standards and are here to assist you with any and all questions and requirements you may have.

Published by

Claudia Bach

Claudia Bach is the President of Document Center Inc. and a world-wide recognized expert on Standards and Standards Distribution. You can connect with her on Google+
