Romine: Cyber framework – ‘on time, actionable’
The National Institute of Standards and Technology is about to host its second of four workshops with the private sector in creating the cybersecurity framework outlined in President Barack Obama’s cybersecurity executive order.
When completed, the cybersecurity framework will provide guidance for the sharing of threat information between the public and private sectors.
Charles Romine, director of NIST’s Information Technology Laboratory, who is heading up the creation of the framework, told FedScoop the president’s faith in NIST is a result of the agency’s global leadership in the fight against cyber threats.
“We will deliver a framework that is on time and is actionable,” said Romine, who will keynote FedScoop’s 4th Annual Tech Shootout on May 7 at the Newseum. “We want something that our industry partners can use that will better protect our nation’s critical infrastructure.”
Romine said the workshops are geographically dispersed around the country to allow attendees from every region to participate. They are also being webcast, so anyone can watch them online.
As for the content, Romine said with a tight deadline (the framework is due 240 days from the February signing of the executive order), the emphasis will be on the work. What is being brought forward so far, Romine said, is the experience of several very mature industries in the critical infrastructure space that are able to bring out the core issues needing to be tackled along with solutions.
Crafting the cybersecurity framework means working very closely with industry, something Romine said the IT Labs and NIST in general are very comfortable with. He says that is because NIST goes out of its way to be nonregulatory, allowing for industry partners to collaborate with the agency.
A perfect example, Romine said, is the Cybersecurity Center of Excellence, which opened last year. Romine said the center is looking to solve cybersecurity problems, one chuck at a time, working with industry to do so.
In fact, just recently, the agency and 11 major corporations such as Intel, McAfee and Symantec, signed an agreement to provide technical expertise and other resources to the center.
Instead of looking at health information security and trying to solve that, the center will take on one element, such as information sharing between a doctor and a large organization, and try to address that, Romine said.
Romine said the center is drawing up a number of use cases such as those mentioned above or geolocation in the cloud, which is also on the docket. Once a use case is created, private sector partners – such as the 11 that signed an agreement last month – will look for solutions to the problem.
“Our goal is to accelerate the collaboration between the public and private sectors,” Romine said.
Outside of that, Romine said he’ll be focused on maintaining a balanced portfolio of research, ranging from applied to the basic.
“It’s a balancing game as we get a number of mandates to do the applied research, but we must continue to do the basic as well so we are in position to lead creating the standards for the rest of the federal government,” he said.