By Alexei Alexis
Sept. 25 — The drafting of a voluntary U.S. cybersecurity framework for the private sector is “essentially complete,” National Institute of Standards and Technology Director Patrick Gallagher said Sept. 25.
“We are at the end, but we’re only at the end of the beginning,” Gallagher said at a cybersecurity summit in Washington. “Now we are really focused on taking what has been a remarkable effort and translating and driving it into practice. And for me, the litmus test of success is going to be the extent to which this framework becomes integrated with the way we operate.”
The summit was sponsored by Billington Cybersecurity, a division of the Cyber Education Institute LLC, based in Chevy Chase, Md.
Under an executive order signed by President Barack Obama earlier this year, NIST must release a draft framework for public comment next month and publish a final version by February 2014. NIST released a preliminary draft framework for discussion at a Dallas workshop in September .
Gallagher: NIST on Track.
Gallagher indicated that he expected the agency to meet its October deadline. “The NIST team has completed their work reflecting the last input from the Dallas workshop, and it will shortly go into a clearance process in time for a release that’s called for in the executive order,” he said.
Although the voluntary framework is primarily designed for owners and operators of U.S. “critical infrastructure” and their partners, it is expected to benefit a broader array of organizations across the private sector that are facing cybersecurity challenges, according to NIST, a division of the Department of Commerce.