The National Institute for Standards and Technology wants federal agencies to get their act together on cybersecurity standards.
In a new publication, the group calls on agencies to coordinate with each other, with the private sector and with international governments to draw up, and abide by, cybersecurity benchmarks. NIST is collecting comments on its recommendations until Sep. 24.
Establishing international cyber standards are key to "improving trust in online transactions, mitigating the effects of cyberincidents (e.g., crime), and ensuring secure interoperability among trade partners," NIST wrote. This could "promote international trade and provide a level playing field for U.S. companies."
NIST is advocating for a "high-level oversight function, where the senior cyber officials and [those] with the standards missions can get together," Mike Hogan, standards liaison for NIST’s Information Technology Laboratory and one of the publication's authors, told Nextgov.
For instance, the report recommended the Executive Office of the President could create an interagency policymaking group that would oversee the process; the Commerce Department could host its own working group comprised of federal cybersecurity officials to set objectives, reporting to the EOP group.
Other recommendations included that federal agencies regularly collaborate with the domestic and global public and private sectors. Agencies should also expand cyber training for staff, emphasizing the "costs of failing to participate in cybersecurity standards development," among other topics.
The director of NIST is required, under the Cybersecurity Enhancement Act of 2014, to work with federal agencies on coordinating information security. NIST is also required to send a report on that effort to Congress -- this publication will likely serve as the basis for that report, to be submitted to Congress in December, Hogan said.
Currently, Hogan said, much interagency cooperation on cybersecurity is in response to cyber disasters, such as large-scale government data breaches. This effort, he said, is meant to ensure that instead of ad hoc meetings, "people would be called together on a topic . . . to regularly go over" cyber standards.
But before the U.S. can collaborate with the private sector and other governments, Hogan said, the first step is a deliberate and organized interagency collaboration at home.
NIST's intent, he said, is "setting up a function that persists beyond one administration to coordinate cybersecurity standards issues. That's something that can be done soon."
(Image via winui/ Shutterstock.com)