An anonymous veteran left a brief comment yesterday on apost from this weekend about the newest request for information supporting the
President’s cybersecurity EO. Kind words are always appreciated, but a very
important point was made when the vet wrote:
“I will tamp down my cynicism
momentarily and instead emphasize that I appreciate the opportunity for
stakeholders to engage. There are many times when this opportunity is not
even provided.”
In my criticism of the timing of the RFI I did not take
enough time to recognize the fact that the agency did, in fact, request public
participation in the formative stages of this rule making process. This whole
Cybersecurity Framework process has been designed to encourage participation by
the regulated community and that is always a good thing. While this inevitably
slows down the process, it should ultimately make this voluntary-participation
based program more successful.
The only real downside to date has been the relatively poor
public participation, particularly from the subject matter experts in the
cybersecurity community. I have been reminded though, through a variety of
comments in discussions on this topic in LinkedIn groups that many
organizations are providing more detailed comments through some of the less
public venues provided for by the government. These are being utilized to
provide for a fuller discussion of actual and perceived vulnerabilities that
the organizations don’t want to become public.
But yes, Anonymous, a request for public comments, however
late, is a good thing. Responses will make it even better.
Posts
No comments:
Post a Comment