The Obama administration issued a strategy late last month that it hopes will better position the United States government to support the development of international cybersecurity standards. The strategy seeks to make the government an active participant and facilitator in the standards development process, said White House Cybersecurity Coordinator Michael Daniel in a Dec. 23 post to the White House blog.

The strategy covers interagency coordination, collaboration with industry and international partners, and identifies the federal agencies tasked with participation in international standards development, training and education.

The new White House strategy comes in the form of a National Institute of Standards and Technology interagency report and supplemental document, authored by a working group within the National Security Council's cyber interagency policy committee. 

"We believe that a consensus-based, private sector-driven international standards development process, with input from all interested stakeholders, is superior to a top-down, national government-controlled approach to standards," said Daniel. "We are committed to advocating for the adoption of a global approach to standards development around the world."

Daniel said the working group will work with private sector partners to begin implementing the plan in 2016.

Among the strategic objectives outlined in NIST-IR 8074 (pdf), the government intends to ensure international standards are sufficient, particularly for critical infrastructure, and match U.S. interests and begin adopting internationally recognized standards "as a key part of [U.S. government] procurement policy to support secure and resilient operations."

In assessing international standards, the report noted that review will consider what is technically sound, readily available and formulated through an open, transparent, consensus-based and evolving process.

In the blog post, Daniel noted that common cybersecurity standards will make it easier for technology companies to develop and sell their products and services if people understand cybersecurity and recognize best practices more uniformly.

The document noted that international cybersecurity standards will further international trade and U.S. competitiveness. Through the strategy, the U.S. government is also pushing for the development and use of performance-based standards for cybersecurity.

"Cybersecurity standards with performance-based requirements are more likely to encourage innovation and enable competition than standards based upon prescriptive design requirements. Prescriptive design standards are sometimes necessary, however, particularly for describing test methods or procedures," noted the interagency report.

A supplement (pdf) to the interagency report summarized ongoing international cybersecurity standards activities and an inventory of public-private collaboration on the topic within the United States.

For more:
read the White House blog post
download NIST-IR 8074 (.pdf)
download NIST-IR 8074 v2 (.pdf)

News Source: 

Molly Bernhart Walker,, 4 January 2016

News Tags: