Cybersecurity

NIST announces federal cyber center plans

light bulb

NIST hopes inspiration will come through a proposed research center. (Stock image)

Editor's note: This story was modified to clarify the relationship between the FFRDC and the recent executive order on cybersecurity.

The National Institutes of Standards and Technology is spearheading efforts to establish a new federally funded research and development center through its National Cybersecurity Center of Excellence. The goal of the FFRDC is to create a neutral venue for collaboration between government and industry that will accelerate progress in implementing cybersecurity.

The idea is to bring together experts and stakeholders from both sectors, as well as academia, that can work together in finding cybersecurity solutions that will help secure digital infrastructure, according to a Federal Register notice posted April 22.

"FFRDCs are independent nonprofit organizations that operate in the public interest and provide a highly efficient way to leverage and rapidly assemble physical resources and scientific and engineering talent, both public and private," a NIST release noted. "By design, they have beyond normal access to government and supplier data, and as nonprofits, they have no bias toward any particular company, technology or product – key attributes, given the NCCoE's collaborative nature."

A request for proposals to manage the research center is expected this fall, according to NIST.

The efforts signal more of the government's growing prioritization of cybersecurity -- a priority that was also reflected in President Barack Obama's executive order on cybersecurity issued in February. While the FFRDC effort is not part of the order, the order strengthened NIST's role in cybersecurity efforts and its partnership with the White House and the Homeland Security Department, and prioritized information-sharing between sectors.

Of particular focus in the order are measures designed to secure critical infrastructure, typically run by the private sector, as well as widen the pool of cybersecurity experts and personnel, an area officials have said is sorely lacking.

"This is a critical piece of a broader problem here which is...we don't have enough people in cybersecurity; our workforce is one of the biggest challenges," said Andy Ozment, White House senior director for national security. "So how do we take the lessons the best people learn and disseminate them, particularly in sectors that believe they have unique problems that set them apart from the normal IT world? If you're in a sector that relies heavily on control systems, you may be reluctant to take general IT security advice because you don't know if that's been vetted in respect to control systems."

The hope is that by convening the stakeholders of various pockets of industry that share common cybersecurity concerns, best practices and lessons can fast-track new security measures that would not be possible without collaboration.

"That's what NIST's approach with the centers of excellence is – taking the best of industry and come up with models that really work successfully and disseminate that knowledge," Ozment said.

The center, by design, also is geared to be more flexible than what government agencies may be limited to under rules and regulations that have proved to be sticking points in information-sharing over the years.

"The FFRDC model is the most effective way the center can work with private companies to accelerate industry's adoption of integrated tools and technologies to protect IT assets," said NIST Director Patrick Gallagher said in the release. "NIST has a long history of successful collaboration with industry, and this approach leverages our top cybersecurity experts while allowing the center to be as nimble as possible."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from Shutterstock.com

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group