Obama Meets With U.S. Business Leaders On NIST's Draft Cybersecurity Framework

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Alexei Alexis  

Oct. 29 -- President Barack Obama met with U.S. business leaders Oct. 29 to discuss efforts to implement a private sector cybersecurity framework, according to the White House.

Meanwhile, the Department of Commerce's National Institute of Standards and Technology Oct. 29 published a notice officially opening the public comment period on its previously released cybersecrurity framework (78 Fed. Reg. 64,478, 10/29/13).

Public comments are due by Dec. 13.

IT, Finance, Energy CEOs

“The companies that met with the president were among those that worked most closely on the framework, and this meeting is part of the administration's ongoing dialogue with the private sector on cybersecurity,” Jay Carney, White House press secretary, told reporters during his daily briefing.

The meeting was attended by chief executive officers from the information technology, financial services and energy sectors, according to a statement issued by the White House.

Industry participants, including the CEOs of Bank of America Corp., MasterCard Inc., Intel Corp. and Pepco Holdings Inc., expressed appreciation for the way the framework was developed in partnership with the private sector and support for the process moving forward, the White House said.

Hill Action Urged

Both the companies and the government officials expressed a “strong desire” for Congress to pass legislation that would improve cyberthreat information sharing, while protecting privacy and civil liberties, according to the statement.

The House has passed such an information sharing bill, the Cyber Intelligence Sharing and Protection Act (CISPA) (H.R. 624) (12 PVLR 671, 4/22/13), but the Senate has not acted on the measure.

Obama issued a cybersecurity executive order in February (12 PVLR 257, 2/18/13) after Congress failed to reach agreement on cybersecurity in 2012 (11 PVLR 1680, 11/19/12).

“We hope today's meeting will help pave the way for action on these needed changes,” Financial Services Roundtable Chief Executive Officer Tim Pawlenty said in a statement.

“The President's Executive Order on cyber security was helpful and the House of Representatives passed needed legislation on this topic. We urge the Senate to make this issue a top priority and pass similar legislation.”

Pawlenty repeated his call for the Senate to pass H.R. 624 the next day at a Bloomberg Government cybersecurity conference (see related report).

NIST Call for Comments

NIST unveiled its draft cybersecurity framework Oct. 22 consisting of voluntary best practices for the private sector (12 PVLR 1826, 10/28/13). The framework outlines a set of cybersecurity steps that can be customized to various sectors and adapted by both large and small organizations, NIST said at the time.

“The President's Executive Order on cyber security was helpful and the House of Representatives passed needed legislation on this topic. We urge the Senate to make this issue a top priority and pass similar legislation.”  
Tim Pawlenty, CEO,
Financial Services Roundtable

NIST said in the notice that public comments are expected to help in producing a final framework by February 2014, as required under Obama's executive order.

Broad Adoption Envisioned

As part of the White House's cybersecurity initiative, the Department of Homeland Security must coordinate the development of a program with incentives to promote the NIST framework.

In addition, regulatory agencies have been directed to review any existing cybersecurity mandates and determine whether they are still adequate.

Cybersecurity activities are organized in the framework into five main functions: identify, protect, detect, respond and recover.

While primarily designed for critical infrastructure entities--such as power plants and water systems--and their partners, the framework can be applied to organizations across the private sector that are facing mounting cyberthreats, according to NIST.

To contact the reporter on this story: Alexei Alexis in Washington at aalexis@bna.com

To contact the editor responsible for this story: Heather Rothman at hrothman@bna.com

NIST's The draft cybersecurity framework is available at http://www.nist.gov/itl/upload/preliminary-cybersecurity-framework.pdf.

NIST's notice calling for public comment on the framework is available at http://www.gpo.gov/fdsys/pkg/FR-2013-10-29/pdf/2013-25566.pdf.

Request Bloomberg Law: Privacy & Data Security