'Aggressively non-regulatory' NIST offers a cyber helping hand


The tidal wave of cyberattacks and electronic snooping by criminals and other bad actors threatens the commercial and government sectors. Both could learn to navigate that wave, but they have to coordinate their courses.

Charles Romine, director of the National Institute of Standards and Technology’s Information Technology Laboratory, said his organization is uniquely positioned to help both embattled parties.

“We’re aggressively non-regulatory,” Romine said in opening remarks at the 2015 Cybersecurity Innovation Forum in Washington, D.C., on Sept. 9. The forum gathered hundreds of federal and private industry attendees to talk cyber defense technologies, strategies and policy.

What Romine meant was that NIST and the ITL can aid private-sector firms in developing ideas and technical frameworks to come up with innovative technologies that both commercial companies and federal agencies might be able to use.

“We can’t compel industry to do anything,” he said. But, far from making the agency impotent, he said the non-regulatory stance is an “amazingly powerful” tool that can bring industry and government together on real-world approaches and solutions. He pointed to NIST’s close work with industry in developing the Advanced Encryption Standard and the Risk Management Framework over the years as evidence of its effectiveness.

Romine called on attendees to collaborate with NIST on finding more effective solutions to the surging, changing wave of cyberattacks on federal agencies and companies.

Industry is receptive to NIST’s approach, but one of the experts speaking at the conference urged some caution in dealing with the government on sharing threat information.

“Cybersecurity cuts across Wall Street and Main Street,” Zulfikar Ramzan, chief technology officer at RSA, said in his keynote address. Building cyber protections into business operations, including those of critical infrastructure companies like banks and energy corporations, requires collaborating with the federal government on how to protect commercial networks, he said.

However, too much reliance on the federal government to prevent cyberattacks on the private sector can “lead to a sense of helplessness” about how to stop or recover from an attack, he said.

Commercial industry, he said, ultimately has to take responsibility for its own network protections and response. “The elephant in the room” when it comes to government/commercial industry collaboration, he said, “is a lack of trust” that is rooted in undefined rules and responsibilities.

To be most effective, he said, companies have to set internal parameters and take stock of realistic protection capabilities. Government, he said, can share critical details with industry about the source of attacks and the threat environment, while offering advice on the best protective measures.

Commercial industry, he said, can develop technology and drive rapid innovation to counter threats. It can also be a more active participant in cyber strategy and policy debates.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.

