From: Defense One
Aliya Sternstein
The Obama administration has released a draft of computer security protocols for companies that operate key systems, such as chemical plants and the electric grid. The document admittedly does not address privacy issues.
Final guidelines to protect the networks that run critical infrastructure are due in February 2014 by executive order. This week’s preview is timed to coincide with a workshop in Dallas next week, where government officials and representatives from affected sectors will flesh out the voluntary procedures, a federal official said.
Earlier this summer, National Institute of Standards and Technology officials distributed an outline of the new draft. A final draft is expected to be published in October, according to NIST, the agency ordered to produce the standards.
Absent from the guidelines, officials acknowledge, will be advice on how to protect civil liberties, confirm the identities of system users, and minimize risks introduced by business partners in the supply chain. These will be addressed in future versions because they are “evolving areas that have yet to be developed or require further research and understanding,” the 36-page draft states.
Privacy remains a sticking point, as evidenced by controversy over proposed cybersecurity legislation that would allow the intelligence community to inspect timestamps, recipient names, senders and other “metadata” in emails for indicators of malicious transactions. “There are few identifiable standards or best practices to mitigate the impact of cybersecurity activities on individuals’ privacy and civil liberties,” NIST officials stated.
Leave a Reply