I just returned from the beautiful UC San Diego campus (hmmm, if only I could travel back in time and attend this school instead ...) where NIST assembled hundreds of cyber security (and other) professionals to advance the initiative known as the Critical Infrastructure Cybersecurity Framework, or CSF for short.
So far some are happy with progress made and some are quite the opposite. I think a little more time will have to pass and we'll have to see what comes out of the NIST oven ahead of the final workgroup session coming up in Dallas.
In San Diego, we spent a lot of time in groups fleshing out the categories and subcategories in various cyber security-related functional areas ... not sure how productive that activity will prove to have been. However, towards the end of the day on Thursday everyone had a chance to participate in one of several break out sessions. I won't list them all here, but some were Privacy, Small Business, DHS, and the one I worked in was the Senior Executive Cyber Security Support session facilitated by Kiersten Todt and attended by what looked like 40 or 50 folks.
So, our challenge was to generate strategies for engaging CEOs, Boards of Directors and other senior leaders to, once it's built, buy into the CSF triggered by Presidential Executive Order 13636: "Improving Critical Infrastructure Cybersecurity" earlier this year. Going in I was skeptical that a bunch of security folks would have any idea how to communicate effectively with, let alone persuade, senior business or Federal executives about anything.
Fortunately, there were at least a handful in the room who in their careers had regular and frequent exchanges with large company CEOs, other C-Suiters, and sometimes Board members. And their Federal and DoD counterparts as well.
Hundreds of ideas were articulated rapid fire (I pitied the scribe but it looked like she was keeping up) and I'll leave it to NIST to select out and leverage the ones they think can be helpful. But I'll use this space to call out two I think had significant merit:
- One person said government should do test runs of CSF on a handful of companies to demonstrate effectiveness and costs and that the results could then be used as evidence. Assuming benefit can be demonstrated, it could be packaged as a cost/benefit analysis to support discussions with senior management
- Even if NIST and the crew constructing the CSF does a fine job and creates something potentially useful for the different industries it's designed to help, unless it's introduced via an outstanding marketing campaign targeting the right outlets (e.g., WSJ, Barrons, HBR, etc.) the CSF will never get the attention it needs to succeed. Take-away for NIST and partners: be ready to focus nearly as much (or maybe more) on marketing, messaging and communications strategies as we are on building a good product
Photo credit: UCSD Math Dept.
Quickly this site will indisputably be famous among all blogging people, because of its fastidious articles or reviews. Big Data and Bigger Breaches With Alex Pentland of Monument Capital Group
ReplyDeleteYour blogs are easily accessible and quite enlightening so keep doing the amazing work guys.american cash loans
ReplyDeleteI have got the good information through your blog; I will share this to my friends as well.
ReplyDeleteadvanced loans
Thank you I am glad about the encouragement! I love your site, you post outstanding.cheap life insurance
ReplyDeleteThe problem is that you provide may be worth our time and also effort.orogold cosmetics
ReplyDeleteI am greatly thankful to you for this exciting blog; I am cheerful because of your smart working really. Sugar Land roofing
ReplyDeleteHmm!! This blog is really cool, I’m so lucky that I have reached here and got this awesome information.payday loan 100 online
ReplyDeleteNice working guys, I am cordially with you to appreciate your all posts. ipv d2 75w
ReplyDeleteWhenever I have free time I read the blogs but today I got the unique blog page where I learnt many new things thanks guys! Lakeville bathroom remodel
ReplyDeleteThank you I am glad about the encouragement! I love your site, you post outstanding.online payday loan
ReplyDeleteWith polite greetings I want to say that this post is amazing!! Thanks online payday loans
ReplyDeleteRegarding all aspects the blog was perfectly nice. Adam Short
ReplyDeleteGuys you did great work. I’m very pleased to say that these are wonderful articles and blogs. Thanks for this. term life insurance
ReplyDeleteI have actually bookmarked your site because I truly love this knowledgeable source of information. Thanks personal cash advance
ReplyDeleteYou’ve put enormous insights about the topic here, continue the good work! water softener reviews
ReplyDeleteI am so happy and proud of you to provide such amazing stuff, I’m truly thankful to you! NY Pharmacy Error Attorneys
ReplyDeleteHi Dear, have you been certainly visiting this site daily, if that's the case you then will certainly get good knowledge. Vine Vine Skin Care
ReplyDeleteThis is really an excellent blog as well as its content. Vine Vera Reviews
ReplyDeleteI love the way you write your post. Each and everything is simply perfect. Thanks depression life insurance
ReplyDeleteThe quality of your blogs and conjointly the articles and price appreciating. vehicle wraps
ReplyDeleteThis report on cybersecurity critical infrastructure in the USA is really very interesting. It is really essential to protect important information and national security from any cyber attack.
ReplyDelete