NIST Workshop November 14-15

Cybersecurity Needs Health Sector Input

Seeking: Health sector input into The National Institute for Standards and Technology’s (NIST) national voluntary framework for improving cybersecurity

Target Audience: Those who have operational, managerial and policy experience and responsibilities for cybersecurity, technology and/or standards development for Critical Infrastructure companies and others in the health care sector dealing with cybersecurity risks

What: NIST’s Fifth Cybersecurity Framework Workshop
When: November 14-15, 2013
Where: North Carolina State University, Raleigh NC
Register for this event, deadline is Friday Nov. 7th.

Background

As you may know, earlier this year the White House issued Executive Order 13636. Improving Critical Infrastructure Cybersecurity. In this order, President Obama directed the National Institute for Standards and Technology (NIST) to work with stakeholders to develop a voluntary framework for reducing cyber risks, recognizing that U.S. national and economic security, health and safety depends on the reliable functioning of critical infrastructure. The framework is being developed explicitly to reduce risks to the critical infrastructure (i.e.,” systems and assets, whether physical or virtual that are so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters”). However, it can be applied by other organizations to improve their readiness to deal with increasing Cybersecurity risks in all industries, including the health sector.

Through a request for information and a series of workshops held throughout 2013, NIST has engaged with more than 3,000 individuals and organizations on standards, best practices and guidelines that can provide businesses, their suppliers, their customers and government agencies with a shared set of expected protections for critical information and IT infrastructure.

The Preliminary Framework outlines a set of steps that can be customized to various sectors and adapted by both large and small organizations while providing a consistent approach to Cybersecurity. It offers a common language and mechanism for organizations to determine and describe their current Cybersecurity posture, as well as their target state for Cybersecurity. The framework will help them to identify and prioritize opportunities for improvement within the context of risk management and to assess progress toward their goals.

The framework will foster communications among internal and external stakeholders and help organizations hold each other accountable for strong cyber protections while allowing flexibility for specific approaches tailored to each business’ market and regulatory environment. Its integrated approach focuses on outcomes, rather than any particular technology, to encourage innovation.

NIST is specifically seeking more input from those involved in the health sector.

NIST will hold a workshop to discuss the Preliminary Framework—including implementation, governance and privacy and civil liberties—Nov. 14 and 15, 2013, at North Carolina State University.

The Preliminary Framework can be found at NIST.gov and an announcement of the opening of the official comment period will run in the Federal Register.