Update on the President’s Executive Order on Cybersecurity from the NIST Workshop in Dallas

Last week I attended the fourth and final National Institute of Standards and Technology (NIST) Workshop on the Critical Infrastructure Cybersecurity Framework in Dallas, TX. The President’s Executive Order on cybersecurity – Executive Order 13636, “Improving Critical Infrastructure Cybersecurity” – directed NIST to host these workshops in order to work with stakeholders on developing a framework to protect critical infrastructure. The workshop provided a great opportunity to meet with other stakeholders, ranging from associations to companies of all sizes, and to learn about different priorities for different organizations.

There were some great panel discussions on topics ranging from the threat environment, risk management and the role of insurance today. In addition to panel discussions, there were several breakout sessions. We spent a few hours providing feedback on the draft framework, which most agreed was a good start but could use some tweaking, particularly as it relates to the ability of small- and medium-sized businesses to navigate the framework. Other discussions were focused on framework governance, areas of improvement and implementation guidance, among others.

We anticipate a new draft of the framework incorporating the feedback from the Dallas session to be released in October. Once the new draft is released, there will be a comment period before the final framework is introduced in February. We will continue to remain engaged in the review process of the framework and look forward to continuing to work with NIST on this important process.