Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

U.S.' NIST framework released to widespread praise, but what happens next?

Cynthia Brumfield | Feb. 14, 2014
Responsibility now falls on DHS to refine and implement framework while also developing incentives for critical infrastructure providers to follow it.

Another concern is that the framework fails to prioritize cybersecurity spending. "Where do I spend my next marginal dollar?" Larry Clinton, head of the Internet Security Alliance asked. "The framework doesn't tell them. I think in two years we're not going to see a substantial reduction in anything."

One group, Industrial Control System Information Sharing and Analysis Center (ICS-ISAC), is worried that the framework misses a very important first cybersecurity step: situational awareness. "The framework is largely a reflection of existing standards and practices and situational awareness is not as completely spelled out as it should be in the long run," Chris Blask, Chair of the ICS-ISAC said.

These and other concerns will continue to be aired under NIST's auspices over the coming months as it continues to fulfill a role as a "convener" as it hand off responsibility to other government groups. NIST may also host another public workshop in the next six months to review stakeholder experience, implementation progress and questions around long-term governance with what it calls Version 1.0 of the framework.


Previous Page  1  2  3 

Sign up for Computerworld eNewsletters.