Registration is now open for the fourth in a series of workshops to bring together representatives from government, industry and academia to establish a voluntary Cybersecurity Framework that will help reduce risks to critical infrastructure.
The workshop will be Sept. 11-13, 2013, at the University of Texas at Dallas, and will be the final public session before the preliminary framework formally releases later this year.
Executive Order 13636, Improving Critical Infrastructure Cybersecurity, directed the National Institute of Standards and Technology (NIST) to work with stakeholders to develop a framework consisting of standards, guidelines and best practices to promote the protection of critical infrastructure. NIST will release a preliminary framework for public comment in October 2013, and the final framework in February 2014.
“The focus of the Dallas meeting will be on the first full draft that we plan to make available in August,” said Adam Sedgewick, senior information technology policy advisor at NIST. “That draft will reflect input from critical infrastructure stakeholders provided in previous workshops, and in Dallas, we want to make sure we provide a chance to get direct and extensive feedback on the draft.”
Before the Dallas workshop there will be an “Executive Order primer” on Tuesday, Sept. 10, for participants who are new to the framework development process and to ensure there is a good understanding of how organizations can adopt the framework.
NIST released an update of the framework’s development, based on input received at the most recent workshop, held July 10-12, 2013, in San Diego, CA, as well as at two prior sessions and an earlier “Request for Information.”
At the July working meeting, more than 350 representatives from critical infrastructure owners and operators, industry associations, standards developing organizations, and government reviewed a draft outline of the preliminary framework and discussed structure, informative references and implementation levels.
Breakout sessions covered executive engagement, awareness, privacy and small business considerations, among other topics. Videos of the plenary sessions are available on NIST’s website.
“We consider this a long-term process to enhance the cyber security of our critical infrastructure,” Sedgewick said. “NIST will continue to work with all of our stakeholders to ensure the framework is a useful tool that is consistently updated to reflect changes in technology, risks, feedback from industry and other factors.”
All organizations and individuals can contribute to the development of the Cybersecurity Framework by contacting NIST at email@example.com.
• Click here to register for the September meeting in Dallas.
• Click here to review materials related to the framework, including videos of previous meetings.
• Click here to get the current update on the framework development process.