Legislative Branch Activity
Last week, Senate Commerce, Science and Transportation Committee Chairman John Rockefeller (D-WV) and Ranking Member John Thune (R-SD) introduced the Cybersecurity Act of 2013 (S. 1353) and also held a hearing related to the legislation. The bill would give authority to the National Institute of Standards and Technology (NIST) to facilitate and support the development of voluntary, industry-led cyber standards and best practices for critical infrastructure. The legislation also addresses cybersecurity workforce training education, and research and development programs. The committee plans to mark up the bill this week before Congress leaves for August recess.
Executive Branch Activity
As part of the President’s February Executive Order (EO), the Departments of Homeland Security (DHS), Commerce and the Treasury were required to compile a list of incentives for critical infrastructure that would be needed to promote participation in the voluntary NIST Cybersecurity Framework that was required in the EO. The Obama Administration is currently reviewing this list of incentives that may include limited protections from legal liability, tax incentives, and procurement considerations for entities that participate in the Cybersecurity Framework. DHS is expected to publically release the report on proposed incentives for critical infrastructure before the end of the month.
DHS Performance Goals
The EO also required DHS to draft a list of performance goals for the NIST Cybersecurity Framework. These goals will serve to guide the Framework development process and ensure that there are national goals in place for critical infrastructure owners and operators that choose to participate in the Framework. After a call last week with stakeholders, DHS is working to finalize the list of performance goals in the coming weeks.
NIST Cybersecurity Framework Workshop
The next NIST Cybersecurity Framework workshop will take place September 11-13 in Dallas, TX. NIST intends to release a draft preliminary version of the Framework in mid-August in preparation for the workshop. After reviewing feedback from stakeholders that attend the September workshop, NIST will release its draft Cybersecurity Framework in October, as required by the EO.