The National Institute of
Standards and Technology (NIST) has opened registration for its 3rd
Cybersecurity Framework Workshop, to be held July 10-12, 2013, in San
Diego, Calif.
Executive Order 13636,* "Improving Critical Infrastructure Cybersecurity,"
gave NIST the responsibility to work with industry to develop a
voluntary "framework"—incorporating existing standards, guidelines and
best practices—that institutions could use to reduce the risk of cyber
attacks. Critical infrastructure includes those industries vital to the
nation's economy, security and health such as finance, energy,
transportation, food and agriculture and health care.
More than 700 people attended NIST's first two workshops, in
Washington, D.C., and Pittsburgh, with more than 2,500 people
participating online. The workshops aim to bring together a broad set of
participants from critical infrastructure owners and operators,
industry associations, standards development organizations, individual
companies and government agencies. The goal is to maximize
private-sector input in developing the framework. Participants will be
expected to actively assist in the framework development process through
hands-on participation in breakout sessions.
"We're holding these workshops in different parts of the country, but
our focus is on the nation's critical infrastructure," said project
leader Adam Sedgewick. "We have received considerable input already, but
we look forward to hearing from both new industry representatives and
those who are already engaged with the framework development. We will
provide a draft outline and describe the approach of the framework, so
it is a crucial time for all relevant industries to be involved to help
us fill in the gaps and produce a framework that will be effective and
widely used on a voluntary basis."
NIST expects the third workshop to result in a more detailed draft of
the Cybersecurity Framework and a corresponding list of current
standards, guidelines and practices, as well as important gaps. A final
workshop is being planned for September 2013, after which NIST will
release the official preliminary framework for public comment. According
to the executive order, the final framework must be completed in
February 2014.
To register to attend the workshop, visit www.nist.gov/itl/csd/3rd-cybersecurity-framework-workshop-july-10-12-2013-san-diego-ca.cfm.
The event is being hosted by the University of California, San Diego,
and the National Health Information Sharing and Analysis Center.
Attendees should review the outline of the draft framework in advance. It is expected to be available at www.nist.gov/itl/cyberframework.cfm
by the end of June; registrants will be notified when the draft is
posted. That site includes details on the framework development process
such as links to comments received through a Request for Information,
transcripts and video from the previous workshops and information on
future workshops.