NIST goes global with cyber framework
- By Sean Lyngaas
- Jul 03, 2014
Obama administration officials have for months been championing at conferences around the United States a cybersecurity framework to protect critical infrastructure. Now they’re taking the promotional tour overseas.
In recent weeks the National Institute of Standards and Technology, the agency that helped develop the framework between government and critical infrastructure firms, has sent delegations to places as far-flung as Tel Aviv and Tokyo, carrying a message of how governments and commercial sectors can collaborate to respond to cyber threats.
"We view the framework … as a potential model for furthering international dialogue" on cybersecurity issues, said Kevin Stine, manager of NIST's Security Outreach and Integration Group.
NIST's recent Asia jaunt ran from May 15 to May 21 and included meetings with Japanese and Korean government agencies responsible for cybersecurity. "The main piece that we wanted to showcase is really the process by which it was developed," Stine said.
NIST brought with it member companies and representatives of the Information Technology Industry Council, an association of big tech firms such as Google and Apple. In a letter to White House cybersecurity adviser Michael Daniel, ITI said the trip helped showcase the cybersecurity "framework as an example of an effective policy … reflecting global standards and industry-driven practices."
Symantec's Cheri McGuire, who was on the NIST-led trip to Asia, said there is strong overseas interest in learning form the cybersecurity framework.
"Sometimes you’ll go in to meetings and, literally, they know the document better than we do … because there’s just so much hunger and interest for models that can either be replicated or pieces can be drawn from," said McGuire, the Mountain View, Calif.-based firm’s vice president for global government affairs and cybersecurity policy.
"The real focus was education around the process," she added. "That's what we really liked to talk about. This process around a public-private partnership and how effective it can be in developing a really useful framework for industry."
Foreign governments cannot, of course, simply copy and paste the document into their own regulations. Varying levels of state ownership of critical infrastructure is but one reason that would not work. But the NIST framework includes global standards from the International Organization for Standardization and the International Society of Automation that might be building blocks for multilateral collaboration on cybersecurity. Those standards give the framework broader appeal, said Stine, who added that NIST is not letting up in its international outreach. As he spoke with FCW, a NIST representative was in Britain spreading the cybersecurity gospel.
Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Follow him on Twitter: @snlyngaas