Improving Critical Infrastructure Cybersecurity: The Cybersecurity Framework and Beyond

President Obama’s Executive Order 13636 mandated the National Institute of Standards and Technology (NIST) to work with stakeholders to develop a comprehensive approach to mitigating cyber risk for critical infrastructure. Following an unprecedented year of stakeholder engagement, the final Cybersecurity Framework was published on February 12. This voluntary set of standards, guidelines and best practices is intended to reduce cyber risks and promote the protection of critical infrastructure. But how will the Framework look once it is put into practice by industry? And once it is, how does the government support the use of the Framework? And, crucially, will it improve national and economic security?

On February 19, the Center for 21st Century Security and Intelligence at Brookings hosted a panel discussion evaluating the NIST Framework. Panelists included Patrick D. Gallagher, the director of NIST; Cameron Kerry, a distinguished fellow with Governance Studies at Brookings and former acting secretary and general counsel of Commerce; and Dean Garfield, president and CEO of the Information Technology Industry Council. Ian Wallace, visiting fellow in cybersecurity at Brookings, moderated the discussion.