After Healthcare.gov Debacle, Group Pushes for Tests of NIST Cybersecurity Framework

November 15, 2013 – In The News
Computer World

Scott Vernick was quoted in the Computer World article, "After Healthcare.gov Debacle, Group Pushes for Tests of NIST Cybersecurity Framework." Full text can be found in the November 15, 2013, issue, but a synopsis is noted below.

The Internet Security Alliance (ISA), a multisector trade association, wants to know what adoption of a new cybersecurity framework will entail for companies in critical infrastructure industries.

In a proposal pitched to the Department of Homeland Security and sector-specific agencies, the ISA has called for beta tests on the National Institute of Standards and Technology's (NIST) framework to identify the cost-effectiveness of adopting the controls it recommends.

“Testing the cost-effectiveness of the NIST's protocols is a good idea in theory, but would likely be hard to pull off,” said Vernick.

One of the major goals of the NIST framework is to help critical infrastructure operators enable measures for better threat-information sharing between other companies and the government.

“To effectively test the recommended NIST controls, beta testers will need to share information with other testers, which could pose a challenge for many.” There are other major issues as well, noted Vernick. “Who would pay for the tests? How do you share information on the outcome of the tests and who would own the results?"