'Aggressively non-regulatory' NIST offers a cyber helping hand


The tidal wave of cyberattacks and electronic snooping by criminals and other bad actors threatens the commercial and government sectors. Both could learn to navigate that wave, but they have to coordinate their courses.

Charles Romine, director of the National Institute of Standards and Technology’s Information Technology Laboratory, said his organization is uniquely positioned to help both embattled parties.

“We’re aggressively non-regulatory,” Romine said in opening remarks at the 2015 Cybersecurity Innovation Forum in Washington, D.C., on Sept. 9. The forum gathered hundreds of federal and private industry attendees to talk cyber defense technologies, strategies and policy.

What Romine meant was that NIST and the ITL can aid private-sector firms in developing ideas and technical frameworks to come up with innovative technologies that both commercial companies and federal agencies might be able to use.

“We can’t compel industry to do anything,” he said. But, far from making the agency impotent, he said the non-regulatory stance is an “amazingly powerful” tool that can bring industry and government together on real-world approaches and solutions. He pointed to NIST’s close work with industry in developing the Advanced Encryption Standard and the Risk Management Framework over the years as evidence of its effectiveness.

Romine called on attendees to collaborate with NIST on finding more effective solutions to the surging, changing wave of cyberattacks on federal agencies and companies.

Industry is receptive to NIST’s approach, but one of the experts speaking at the conference urged some caution in dealing with the government on sharing threat information.

“Cybersecurity cuts across Wall Street and Main Street,” Zulfikar Ramzan, chief technology officer at RSA, said in his keynote address. Building cyber protections into business operations, including those of critical infrastructure companies like banks and energy corporations, requires collaborating with the federal government on how to protect commercial networks, he said.

However, too much reliance on the federal government to prevent cyberattacks on the private sector can “lead to a sense of helplessness” about how to stop or recover from an attack, he said.

Commercial industry, he said, ultimately has to take responsibility for its own network protections and response. “The elephant in the room” when it comes to government/commercial industry collaboration, he said, “is a lack of trust” that is rooted in undefined rules and responsibilities.

To be most effective, he said, companies have to set internal parameters and take stock of realistic protection capabilities. Government, he said, can share critical details with industry about the source of attacks and the threat environment, while offering advice on the best protective measures.

Commercial industry, he said, can develop technology and drive rapid innovation to counter threats. It can also be a more active participant in cyber strategy and policy debates.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Follow him on Twitter at @MRockwell4.

