This week NIST updated their proposed
draft for the Cybersecurity Framework that will be the focus of the
upcoming Cybersecurity
Workshop (#3) in San Diego. The changes came just about a week after the original
draft was posted.
The changes are mostly word-smithing; the most common change
is replacing ‘cyber risk’ with ‘cybersecurity risk’. The change in wording
seems to be relatively minor but they almost certainly reflect some serious
political responses to the first draft.
The fact that NIST responded with changes so quickly (a one-week
turnaround is unheard of) indicates the level at which those responses occurred.
I am not sure which bothers me more at this point; the fact
that there is already this level of political interference into what should be
a mainly technical discussion at this point, or that the leadership at NIST so
badly read the politics of this process that they didn’t vet this document with
the White House before issuing it. Both of these bode ill for the further
development of a useful Cybersecurity Framework.
Posts
No comments:
Post a Comment