An interagency working group led by The National Institute of Standards and Technology (NIST) and The Department of Commerce recently published a draft report (the Report) recommending that the U.S. government increase its efforts to develop international cybersecurity standards by coordinating with other governments and the private sector.

Historically, U.S. standard setting efforts have been led by private organizations, with invited participation from government officials, industry and academia. With the Cybersecurity Enhancement Act of 2014 and President Obama’s executive order directing NIST to coordinate with other federal agencies on cybersecurity strategies, NIST has been at the forefront of cybersecurity standards development in the U.S. For example, the private sector is using and quoting the principles for the development of proper information security practices that were developed by NIST for the federal government. Meanwhile, in the Report and elsewhere, NIST continues to advocate for more participation and collaboration between government and the private sector on cybersecurity standards.

The Report advocates for international cybersecurity standards to be developed through active participation and collaboration among the U.S. government, foreign governments and domestic and foreign private industry. The Report identifies four key reasons why the U.S. government should want to develop and use international cybersecurity standards:

  • To enhance national and economic security and public safety
  • To ensure standards and assessment tools for the U.S. government are technically sound
  • To facilitate international trade
  • To promote innovation and competitiveness

The Report includes a helpful supplement (the “Supplement”) which summarizes current international cybersecurity standardization efforts and catalogues U.S. government and private-sector engagement in these efforts. The Working Group also makes suggestions on how federal agencies can more effectively participate in these ongoing international efforts.

Public comments on the Report are due by September 24, 2015. The Report and the Supplement can be found on the NIST website: http://www.nist.gov.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kathleen Porter Kathleen Porter

Kathy Porter’s practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and…

Kathy Porter’s practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and privacy practices to comply with the patchwork of laws and rules applicable to the collection, use, safeguarding, sharing, and transfer of protected or personal data. She regularly structures arrangements with promoters, marketers, website exchanges, and other third parties for the purchase, sale, sharing, and safeguarding of personal data. Kathy prepares and negotiates representations, warranties, and indemnities regarding personal or protected data and privacy and data practices. She also assists clients with privacy audits and works with third-party certification organizations to obtain certification of companies’ privacy practices. She guides clients through internal investigations to assess and address notice and other obligations regarding privacy breaches. Kathy often works closely with our litigation attorneys to manage external investigations such as those by federal or state regulators. Read her rc.com bio here.