
Highlights from the show include:
- Barrett commented that "Cybersecurity can't be combatted by cybersecurity professionals alone."
- Barrett also commented that the challenge is to "get everybody on the same page and pulling in the same directions." He called for more involvement starting at the Board level, but extending to other "senior executives, business process professionals, and technologists."
- Tracy shared that "Industry is watching the development [of the NIST Framework] for the impact the regulation is going to have on business."
- Tracy raised a caution flag about SP 800-171, which eventually will amend the DFARS to include a requirement that companies protect Controlled Unclassified Information in nonfederal information systems and organizations or lose their contracts. "Many companies are concerned about the impact of what this regulation will have on their businesses from the resource perspective, and what companies will have to spend to implement the regulation."
"With the rampant toxicity and rancor spewing forth from today's political dialogue, it is refreshing that the cybersecurity initiative enjoys bi-partisan support and rational discourse. Today's episode of The Bridge proves that not every issue must be contentious."
Jim McCarthy, The Bridge Moderator
- "Many of my stakeholders present to me suggestions that are overly nebulous, overly proscriptive, and sometimes overlapping regulations." As Program Manager of the Cybersecurity Framework, Barrett has taken ownership of making sure the Framework adequately addresses these concerns.
- Barrett stated that the five key words that define the NIST Cybersecurity Framework are Identify, Protect, Detect, Respond, and Recover. "These simple concepts define the framework, but also apply to IT risk management."
- There was consensus among the guests on issues like the need for communication between the government and private sector, and the need for scalability, flexibility, customization, and a tool for cybersecurity measurement. Tracy called on the government and industry "to focus on common ground." The common ground also includes IT modernization and shared or cloud services.
- Barrett forecasted that the second draft of the NIST Cybersecurity Framework will be issued in the fall of 2017, with a final version slated for calendar year 2018.