It’s not too late to benefit from the Cybersecurity Framework Workshop, presented by the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST). The November 14-15 event, hosted by IES at the Hunt Library on the NC State University Centennial Campus, was NIST’s fifth workshop in 2013 addressing cybersecurity within the U.S.
The event was presented simultaneously on location and online; recorded webcasts of the main sessions are now available to watch online by clicking here.
Throughout this past year, under an executive order from President Obama to develop a voluntary framework for reducing cyber risks, NIST hosted workshops in cities including San Diego, Dallas and Pittsburgh. Key industry, government and academic leaders came together to determine standards, best practices and guidelines that could provide businesses, their suppliers, their customers and government agencies with a shared set of expected protections for critical information and IT infrastructure.
“The framework is important because the next terrorist attack might be something that targets United States infrastructure,” explained IES’ Doug Hummer, project manager for the NC State University workshop.
“Studies have shown that traditionally, small to mid-sized businesses don’t have a lot in the way of protection against cybersecurity attacks,” said IES Associate Director, John Dorris. “We hope to play an important role helping them understand the importance of the framework, how it relates to their company and better assess what level of vulnerability they have.”
More than 450 people registered for the event at NC State.
“Many of the attendees were cybersecurity experts from major companies,” said Hummer. “They represented companies including CISCO, IBM, Duke Power, Time Warner Cable, as well as from outside our immediate area, like the senior manager from the Utility Operational Compliance in Oklahoma City and others.”
Previous workshops have helped establish the foundation for the preliminary framework that will outline customizable steps for various business sectors while providing a consistent approach to cybersecurity. When it’s finalized in early 2014, the framework will foster communications and help organizations hold each other accountable for strong cyber protections while allowing flexibility for their own targeted approaches. Its integrated approach will focus on outcomes, rather than any particular technology, to encourage innovation.
Topics at November’s workshop included small and mid-sized business considerations, how to implement the framework, and privacy and civil liberties issues.
“Much of the focus at this workshop addressed implementation,” said Hummer. “Now that the framework itself is coming together, the question is how we get the word out to companies, while also addressing their concerns about things like privacy issues for their customers.”
Participant satisfaction with the workshop was high, and the coordinating team deemed it a success.
“There were a lot of great discussions in the break-out sessions,” said Dorris. “It accomplished a core part of what NIST was hoping to do, which was to build constructive and energetic dialog about a very important topic.”
After the framework finishes a public comment period, final revisions will be applied before it is sent to the president for approval in early 2014 and then subsequently rolled out to companies across the United States.