The National Institute of Standards and Technology hopes its second cybersecurity...

is being webcast and continues through Friday at Carnegie Mellon University in Pittsburgh, to begin creating the initial set of standards, best practices and procedures that will be included in the voluntary framework. NIST and the Department of Homeland Security are leading development of the framework as directed by President Barack Obama’s cybersecurity executive order (CD Feb 14 p1). The participants will also begin identifying themes that cut across the different critical infrastructure sectors that are involved in the framework’s development. Participants will base their discussions on the comments NIST collected in its initial request for information, as well as a NIST analysis of those comments that identifies common themes and issues (http://1.usa.gov/10u8IYf). It’s important that the workshop result in a “best in class” initial consensus because the workshop’s output will directly affect what’s discussed at the next workshop, scheduled to run from July 10-12 at the University of California, San Diego, Gallagher said. “These workshops must build on each other.” NIST hopes the July workshop will be able to focus on selecting framework components, said Adam Sedgewick, NIST senior information technology policy advisor. A fourth workshop, to occur in September, will help finalize what’s included in the draft framework that goes public in October, he said. While there will eventually need to be a consensus on the entire framework, “not all of the discussions this week will meet with unanimous consent,” Gallagher said. A lack of consensus in some areas is fine, however, because “the framework will be better if we bring in all viewpoints” at this stage in its development, he said. NIST’s role is only to support the industry participants, not to “choose or develop particular standards or solutions,” Gallagher said. “This is your work product, not ours.”