Cybersecurity

'Aggressively non-regulatory' NIST offers a cyber helping hand


The tidal wave of cyberattacks and electronic snooping by criminals and other bad actors threatens the commercial and government sectors. Both could learn to navigate that wave, but they have to coordinate their courses.

Charles Romine, director of the National Institute of Standards and Technology’s Information Technology Laboratory, said his organization is uniquely positioned to help both embattled parties.

“We’re aggressively non-regulatory,” Romine said in opening remarks at the 2015 Cybersecurity Innovation Forum in Washington, D.C., on Sept. 9. The forum gathered hundreds of federal and private industry attendees to talk cyber defense technologies, strategies and policy.

What Romine meant was that NIST and the ITL can aid private-sector firms in developing ideas and technical frameworks to come up with innovative technologies that both commercial companies and federal agencies might be able to use.

“We can’t compel industry to do anything,” he said. But, far from making the agency impotent, he said the non-regulatory stance is an “amazingly powerful” tool that can bring industry and government together on real-world approaches and solutions. He pointed to NIST’s close work with industry in developing the Advanced Encryption Standard and the Risk Management Framework over the years as evidence of its effectiveness.

Romine called on attendees to collaborate with NIST on finding more effective solutions to the surging, changing wave of cyberattacks on federal agencies and companies.

Industry is receptive to NIST’s approach, but one of the experts speaking at the conference urged some caution in dealing with the government on sharing threat information.

“Cybersecurity cuts across Wall Street and Main Street,” Zulfikar Ramzan, chief technology officer at RSA, said in his keynote address. When building cyber protections into business operations, including those of critical infrastructure companies like banks and energy corporations, collaborating with the federal government on how to protect commercial networks is crucial, he said.

However, too much reliance on the federal government to prevent cyberattacks on the private sector can “lead to a sense of helplessness” about how to stop or recover from an attack, he said.

Commercial industry, he said, ultimately has to take responsibility for its own network protections and response. “The elephant in the room” when it comes to government/commercial industry collaboration, he said, “is a lack of trust” that is rooted in undefined rules and responsibilities.

To be most effective, he said, companies have to set internal parameters and take stock of realistic protection capabilities. Government, he said, can share critical details with industry about the source of attacks and the threat environment, while offering advice on the best protective measures.

Commercial industry, he said, can develop technology and drive rapid innovation to counter threats. It can also be a more active participant in cyber strategy and policy debates.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.

