While cyberthreats continue to be in the spotlight, a little-known federal agency outside of the technology community, the National Institute of Standards and Technology (NIST), is making substantial progress on bolstering cybersecurity for critical infrastructure by working cooperatively with industry.
This effort began when the Obama Administration issued an executive order to improve cybersecurity last year. Since then, industry has worked diligently with NIST, the Department of Homeland Security, and various federal agencies to develop guidance for critical infrastructure owners and operators that will help advance cybersecurity across critical sectors of the American economy, including chemical, banking, and power.
As a result of this collaboration, NIST published the Framework for Improving Critical Infrastructure Cybersecurity, which provides a national approach to manage cybersecurity risks by identifying threats and vulnerabilities and putting security measures in place. And recently, the White House’s top cybersecurity official made a strong case for supporting this collective effort to enhance our nation’s ability to protect itself against cybersecurity threats.
In a May 22 White House Blog post, Special Assistant to the President and Cybersecurity Coordinator Michael Daniel wrote that he was encouraged by the progress made to date on defending against what he acknowledged were “dynamic and rapidly evolving” threats to U.S. critical systems and information. He continued by saying that we must “build equally agile and responsive capabilities not bound by outdated and inflexible rules and procedures” to address such threats.
In response to the blog post, more than twenty associations, including the American Chemistry Council (ACC), wrote a letter to Mr. Daniel, applauding the Administration’s approach to enhance the security of America’s business community and, more importantly, to leverage NIST’s Framework.
Throughout its development, ACC has offered constructive comments and cooperated with other stakeholders to strengthen the NIST Framework. We have also expressed our views with Congress at a joint Senate hearing on how the private sector and government can strengthen our partnership in negating threats to our critical infrastructure and information systems.
During the hearing, David Kepler, Executive Vice President, Chief Sustainability Officer, and Chief Information Officer at The Dow Chemical Company, also made note of several voluntary security initiatives the chemical industry has undertaken to address physical security and cybersecurity.
For example, ACC members voluntarily adopted the Responsible Care® Security Code in 2001. The Security Code requires a comprehensive assessment of security vulnerabilities and risks in order to implement protective measures across a company’s value chain. Since the Security Code’s inception, ACC members have invested almost $13 billion in security enhancements, including both physical security and cybersecurity protections.
During the same hearing, Kepler brought to the committee members’ attention ACC’s Chemical Information Technology Center (ChemITC®), which serves as an open forum for members and other affiliated organizations to advance cybersecurity through strategic programs and networking groups dedicated to addressing specific technology issues.
As the U.S. Chamber blogged earlier this week, the best way to keep this united effort on track is to ensure that the NIST Framework remains “collaborative, voluntary, and innovative over the long term.” Such an approach will encourage everyone to do their part and, as Daniel pointed out, provide the necessary flexibility that will be instrumental for effectively addressing ever-evolving cyberthreats.