The Bridge on TV aired Sunday featuring Rick Tracy, Chief Security Officer, Telos Corporation and Matt Barrett, Program Manager, Cybersecurity Framework, National Institute of Standards and Technology (NIST). These industry leaders shared their viewpoints on Improving Government-Industry Cooperation in Cybersecurity.
Highlights from the show include:
- Barrett commented that “Cybersecurity can’t be combatted by cybersecurity professionals alone.”
- Barrett also commented that the challenge is to “get everybody on the same page and pulling in the same directions.” He called for more involvement starting at the Board level, but extending to other “senior executives, business process professionals, and technologists.”
- Tracy shared that “Industry is watching the development [of the NIST Framework] for the impact the regulation is going to have on business.”
- Tracy raised a caution flag about SP 800-171, which eventually will amend the DFARS to include a requirement that companies protect Controlled Unclassified Information in nonfederal information systems and organizations or lose their contracts. “Many companies are concerned about the impact of what this regulation will have on their businesses from the resource perspective—and what companies will have to spend to implement the regulation.”
“With the rampant toxicity and rancor spewing forth from today’s political dialogue, it is refreshing that the cybersecurity initiative enjoys bi-partisan support and rational discourse. Today’s episode of The Bridge proves that not every issue must be contentious.”
Jim McCarthy, The Bridge Moderator
- “Many of my stakeholders present to me suggestions that are overly nebulous, overly proscriptive, and sometimes overlapping regulations,” said Barrett. As Program Manager of the Cybersecurity Framework, Barrett has taken ownership of making sure the Framework adequately addresses these concerns.
- Barrett stated that the five key words that define the NIST Cybersecurity Framework are Identify, Protect, Detect, Respond, and Recover. “These simple concepts define the framework, but also apply to IT risk management.”
- There was consensus among the guests on issues like the need for communication between the government and private sector, and the need for scalability, flexibility, customization, and a tool for cybersecurity measurement. Tracy called on the government and industry “to focus on common ground.” The common ground also includes IT modernization and shared or cloud services.
- Barrett forecasted that the second draft of the NIST Cybersecurity Framework will be issued in the fall of 2017, with a final version slated for calendar year 2018.