With the global ransomware assault as a backdrop, cybersecurity experts from around the country gathered in Washington for the National Institute of Standards and Technology’s (NIST) workshop on updating its cybersecurity framework, which is a guide for federal agencies and private industry on how to secure critical cyber infrastructure.
USTelecom Law & Policy Vice President Robert Mayer led a communications sector panel examining a NIST proposal to include a measurement component in the next cybersecurity framework update.
The panel encouraged NIST to work toward producing a broad consensus among stakeholders on what constitutes effective measurement. Panelists agreed an approach consistent with the framework’s risk management metrics would be flexible, cost-effective, and tailored to the needs of individual enterprises.
Mayer chairs the Communications Sector Coordinating Council (CSCC), a Department of Homeland Security advisory council which represents the broadcast, cable, satellite, wireless and wireline industries. He works closely with industry colleagues to shape national cybersecurity policy priorities that the administration put forward in a recent cybersecurity executive order.
The Trump administration has pledged to work with industry to evaluate assets and systems that could, if disrupted, have grave consequences for national and economic security. The telecom industry’s resilience to attacks of all types ranks among the highest of critical infrastructure sectors.
The recently released White House executive order on cybersecurity listed as a major goal the reduction of the number of botnets infecting individual computers. Bots can hijack computer equipment without the owner’s knowledge and cause serious disruptions.
Telecom carriers and internet service providers have been at the forefront of efforts to address this persistent threat. They have been working with DHS on innovative technology solutions as well as reviewing information sharing practices. Along with the current automated information sharing (AIS) program, industry groups are working with government to identify ways to build upon the National Cyber Incident Response Plan, which outlines the roles of state and federal officials and private industry after a cyberattack. The aim is to refine how parties will engage during a catastrophic cyber incident.