Last week, Microsoft’s Innovation & Policy Center in Washington, D.C. convened a distinguished group of cybersecurity and privacy professionals from across industry sectors for a panel discussion about the forthcoming Cybersecurity Framework, expected from the National Institute of Standards and Technology (NIST) in February 2014, and its implications for critical infrastructure organizations.
I was pleased to participate as a panelist alongside:
Several key themes emerged from our discussion. The general sense among the panelists was that the underlying themes of cybersecurity and privacy practices described in the Preliminary Framework were a good starting place, and would aid organizations in establishing or refining organizational policies, provided the underlying approach is relevant for the data-rich environment of the 21st Century. However, several panelists also noted that certain components of the Framework may pose challenges for industry because they are prescriptive rather than outcome-focused.
Panelists also observed that a stronger integration of cybersecurity and privacy practices was crucial to strengthening the Framework’s relevance to small and medium organizations, which may be trying to address both topics with limited capacity. Additionally, panelists acknowledged that the Framework’s success will depend upon related initiatives in the federal government, specifically the Department of Homeland Security’s program for voluntary utilization of the Framework and the White House’s work on incentives for participating organizations.
Following the discussion, we spoke with several of the panelists. Trevor Hughes stressed the importance of sound cybersecurity and privacy practices in critical infrastructure protection, stating that “cybersecurity professionals are not privacy professionals, and we need privacy expertise in these conversations.”
Missed the event but want to learn more? Check out Microsoft’s prior blog posts on the Framework and related incentives. You can also visit the Microsoft Global Security Strategy and Diplomacy site and the Microsoft privacy site.
Paul Nicholas, Senior Director, Global Security Strategy, Microsoft Corporation