Oct. 29 -- President Barack Obama met with U.S. business
leaders Oct. 29 to discuss efforts to implement a private sector cybersecurity
framework, according to the White House.
Meanwhile, the Department of
Commerce's National Institute of Standards and Technology Oct. 29 published a
officially opening the public comment period on its previously released
cybersecrurity framework (78 Fed. Reg. 64,478, 10/29/13).
comments are due by Dec. 13.
companies that met with the president were among those that worked most closely
on the framework, and this meeting is part of the administration's ongoing
dialogue with the private sector on cybersecurity,” Jay Carney, White House
press secretary, told reporters during his daily briefing.
was attended by chief executive officers from the information technology,
financial services and energy sectors, according to a statement issued by the
Industry participants, including the CEOs of Bank of
America Corp., MasterCard Inc., Intel Corp. and Pepco Holdings Inc., expressed
appreciation for the way the framework was developed in partnership with the
private sector and support for the process moving forward, the White House
Both the companies and the government
officials expressed a “strong desire” for Congress to pass legislation that
would improve cyberthreat information sharing, while protecting privacy and
civil liberties, according to the statement.
The House has passed such
an information sharing bill, the Cyber Intelligence Sharing and Protection Act
(CISPA) (H.R. 624) (12 PVLR 671, 4/22/13), but the Senate has not
acted on the measure.
Obama issued a cybersecurity executive order in February (12 PVLR 257, 2/18/13) after
Congress failed to reach agreement on cybersecurity in 2012 (11 PVLR 1680,
“We hope today's meeting will help pave the way for action on
these needed changes,” Financial Services Roundtable Chief Executive Officer
Tim Pawlenty said in a statement.
“The President's Executive Order on
cyber security was helpful and the House of Representatives passed needed
legislation on this topic. We urge the Senate to make this issue a top priority
and pass similar legislation.”
Pawlenty repeated his call for the Senate
to pass H.R. 624 the next day at a Bloomberg Government cybersecurity
conference (see related report).
NIST unveiled its draft cybersecurity framework Oct. 22 consisting of
voluntary best practices for the private sector (12 PVLR 1826, 10/28/13). The
framework outlines a set of cybersecurity steps that can be customized to
various sectors and adapted by both large and small organizations, NIST said at
NIST said in the
notice that public comments are expected to help in producing a final framework
by February 2014, as required under Obama's executive order.
As part of the White House's cybersecurity
initiative, the Department of Homeland Security must coordinate the development
of a program with incentives to promote the NIST framework.
regulatory agencies have been directed to review any existing cybersecurity
mandates and determine whether they are still adequate.
activities are organized in the framework into five main functions: identify,
protect, detect, respond and recover.
While primarily designed for
critical infrastructure entities--such as power plants and water systems--and
their partners, the framework can be applied to organizations across the
private sector that are facing mounting cyberthreats, according to NIST.
To contact the reporter on this story: Alexei Alexis in Washington at firstname.lastname@example.org
contact the editor responsible for this story: Heather Rothman at email@example.com
NIST's The draft
cybersecurity framework is available at http://www.nist.gov/itl/upload/preliminary-cybersecurity-framework.pdf.
NIST's notice calling for public comment on the framework is available at http://www.gpo.gov/fdsys/pkg/FR-2013-10-29/pdf/2013-25566.pdf.
To view additional stories from Privacy & Data Security Law
Resource Center™ register for a free trial now