On October 22, NIST released the official Preliminary Cybersecurity Framework under development pursuant to the President’s Executive Order on Improving Critical Infrastructure Cybersecurity. A formal 45-day comment period will begin once the Preliminary Cybersecurity Framework is published in the Federal Register, which is expected next week. NIST remains on track to meet the Executive Order’s February 2014 deadline for issuance of the final Cybersecurity Framework.
On August 28, NIST released a discussion draft of the Preliminary Cybersecurity Framework that it is developing pursuant to the President’s Executive Order on Improving Critical Infrastructure Cybersecurity. NIST invites stakeholder review and input of this discussion draft, leading into the publication of the Preliminary Cybersecurity Framework on October 10 for formal public comment. The discussion draft follows on what has already been an active summer with respect to cybersecurity.
In the past week, both the White House and Senate have taken some notable steps on cybersecurity. Both sets of developments largely relate to the Cybersecurity Framework being developed by the National Institute of Standards and Technology (NIST) pursuant to the President’s Executive Order on Improving Critical Infrastructure Cybersecurity.
Development of the new Cybersecurity Framework is now in full swing. President Obama’s Executive Order on Improving Critical Infrastructure Cybersecurity (which we previously covered) calls on NIST to lead the development of a Cybersecurity Framework that will provide “a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address […]
On February 12, President Obama signed an Executive Order on “Improving Critical Infrastructure Cybersecurity,” and then referenced the Order and the need for additional congressional action during the State of the Union address on the same day: America must also face the rapidly growing threat from cyber-attacks. We know hackers steal people’s identities and infiltrate […]
Cybersecurity is on the 113th Congress’ agenda given recent developments in the U.S. Senate. Today Senator Rockefeller, Chairman of the Commerce Committee, released a staff memorandum presenting the responses his office received to his September 2012 letter regarding cybersecurity practices. The letter, which we discussed in a previous post, went to the CEOs of every Fortune 500 company and requested responses to eight questions […]
Recent guidance from the National Institute of Standards and Technology (“NIST”) encourages federal agencies to take advantage of cloud computing. It also provides draft security and privacy guidelines for federal agencies to follow when engaging cloud providers. The draft guidelines serve as roadmaps for how to negotiate meaningful privacy and data security protections from cloud providers. Though prepared for federal agencies, the draft guidelines could prove influential to the private sector as an increasing number of private businesses use cloud services. NIST has requested comments on the drafts by no later than February 28, 2011.
A presentation by Hogan Lovells privacy partners compares European Commission “EG2” privacy recommendations for smart grids with the comparable recommendations of the NIST. We explain the concept of “privacy by design” in the smart grid environment and the use of detailed privacy use cases to mitigate system risks. The presentation compares the U.S. concept of “PII” with the European concept of “personal data” and discusses the risks associated with transferring household electricity data to third parties, as is mandated by California and Italian law.