Press Release Summary:
Recognizing that national and economic security of the U.S. depends on reliable functioning of critical infrastructure, the President, under Executive Order 13636 "Improving the Critical Infrastructure Cybersecurity" directed NIST to work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure. OnÂ July 10–12, 2013, NIST held 3rd Cybersecurity Framework Workshop, hosted by University of California San Diego and the National Health ISAC.
Original Press Release:
NIST Cybersecurity Framework
National Health ISAC (NH-ISAC) Leads Health Sector Focus
KENNEDY SPACE CENTER, Fla., -- On July 10-12, 2013, the National Institute of Standards and Technology (NIST) held the 3rd Cybersecurity Framework Workshop, hosted by the University of California San Diego and the National Health ISAC (NH-ISAC), the nation's healthcare and public health critical infrastructure Information Sharing & Analysis Center. 350+ workshop attendees included critical infrastructure owners and operators, security, technology and legal representatives with operational, managerial and policy expertise, experience and responsibilities for cybersecurity, technology and standards development for Critical Infrastructure organizations.
Recognizing that national and economic security of the United States depends on the reliable functioning of critical infrastructure, the President, under Executive Order 13636 "Improving the Critical Infrastructure Cybersecurity" directed NIST to work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure. The Preliminary Framework will be released in October for public comment, with the final Cybersecurity Framework released in February 2014.
NH-ISAC is leading development of a healthcare version of the Framework to engage and support the nation's healthcare and public health critical infrastructure and to provide an example and use cases how the NIST Cybersecurity Framework can be implemented. "Development of this Framework provides an incredible opportunity for the nation's health sector to have a defining voice in the design and implementation of an 'actionable' cybersecurity framework representing what is critical for operating environments including engaging senior management at all levels," said Deborah Kobza, NH-ISAC Executive Director.
The NIST Cybersecurity Framework provides a risk-based approach for cybersecurity protection of national critical infrastructure systems and functions at all levels, and also includes adoption applicability for organizations of nearly every size and composition.
The Framework Core offers a way to take a high-level, overarching view of an organization's management of cybersecurity risk and includes a compendium of informative references, existing standards, guidelines and practices to assist with specific implementation focusing on:
Five major cybersecurity functions, their categories and subcategories, and
Three Framework Implementation Levels associated with an organization's cybersecurity functions and implementation performance goals and objectives
In addition to the Framework itself, workshop activities included specific working sessions on privacy, executive-level engagement, awareness and training, international engagement, small business involvement, and performance goals.
"It was great to see so much synergy between the public and private sector working on the common problem to address cybersecurity," said Nikolay Chernavsky, Senior Manager of Information Security for Amgen. "The resulting framework would become a solid foundation to help address cybersecurity issues for many organizations regardless of their size. Cybersecurity is not an endeavor of a single organization. Only a collective approach to the problem will successfully counter cyber threats and provide a common foundation to support healthcare critical infrastructure resilience."
Reid Stephan, Information Security Manager, St. Luke's Healthcare commented, "While there is still a significant amount of work to be done, it is encouraging to see the broad cross-industry support that is engaged in this effort. NIST is doing a great job of soliciting and listening to input, which will increase the likelihood that the result will truly be collaborative and glean from existing and time-tested best practices."
San Diego workshop outputs will populate the draft Preliminary Framework for the upcoming 4th workshop at the University of Texas at Dallas on September 11-13. For additional information - http://www.nist.gov/itl/cyberframework.cfm.
For Healthcare and Public Health Cybersecurity Framework participation, contact Deborah Kobza, NH-ISAC Executive Director, firstname.lastname@example.org.
NH-ISAC is the nation's healthcare and public health critical infrastructure ISAC, recognized by US HHS, the Health Sector Coordinating Council, US DHS, the National Council of ISACs, and the health sector.
Contact: Deborah Kobza
NH-ISAC Executive Director