The Cybersecurity Framework at One Year

One year after publication, the administration’s Cybersecurity Framework remains a work in progress, but it is helping to drive and define discussions on the need for cybersecurity as an integral part in the risk management of our critical infrastructure. The administration’s Framework for Improving Critical Infrastructure Cybersecurity marked its first birthday this month, and although … Continue reading The Cybersecurity Framework at One Year

NIST seeks modest bump in cybersecurity funding in ’16 budget request

The Commerce Department’s budget request for fiscal 2016 includes 7 percent increase in cybersecurity funding at NIST to support research and standards development to protect the nation’s IT systems and critical infrastructure. The additional $7 million would help fund 10 new full time positions to expand the institute’s work in cryptography and privacy. The National … Continue reading NIST seeks modest bump in cybersecurity funding in ’16 budget request

FedRAMP Forward—Government’s roadmap for Cloud Computing

The first two-and-a-half years of FedRAMP—the government’s program to jump-start adoption of cloud computing through blanket security authorizations for service providers—has been a success; but the Federal CIO Council has created a two-year roadmap to speed agency adoption of cloud services, increase the pool of certified service providers, and keep security requirements up to date. … Continue reading FedRAMP Forward—Government’s roadmap for Cloud Computing

Managing risk in the Smart Grid

The administration has produced guidelines for protecting the nation’s critical infrastructure—a voluntary risk-based framework that tells system owners and operators what they should do to manage cybersecurity risks. Research from Waverley Labs and the University of North Carolina at Charlotte has developed a risk assessment model for the smart grid that could tell them how … Continue reading Managing risk in the Smart Grid