USTelecom’s Senior Vice President, Cybersecurity Robert Mayer recently discussed a number of inter-related cyber policy challenges and the need for industry-government collaboration to help accelerate activities that will better protect America’s economic and national security. In an exclusive interview published in InsideCybersecurity.com (gateway content), Mayer noted that "over a dozen" cyber policy recommendations and strategies are due at the White House in the coming months, including a January 5 report on botnets and other Internet of Things-related risks that is a prime focus of USTelecom's cyber activities.
Mayer noted continuity between the Trump administration and the work established in [President Obama’s] Executive Order 13636 that started the framework process and established a partnership model. President Trump's Executive Order 13800 accelerated activities in this area with the expectation that the focus be on developing the capacity to respond to a threat model that endangers economic and national security.
Mayer went on to discuss the continuing evolution of the National Institute of Standards and Technology (NIST) framework -- leading to the planned release of version 1.1 early next year. He expressed appreciation for NIST's reaction to industry input and willingness to take another look at the agency's initial approach to issues like measuring effectiveness, long a hot-button issue for industry stakeholders.
He went on to say USTelecom and other industry stakeholders were pleased that NIST decided to separate how government agencies should measure their uses of the framework from how private entities would make use of metrics. The Trump executive order requires agencies to implement the framework as the centerpiece of their risk management strategies.
Mayer also made note of outreach efforts from the Department of Homeland Security, particularly in following up on language in the Trump executive order related to "most critical" entities that had been identified in Section 9 of Obama-era Executive Order 13636.
Most importantly to the future of effective cybersecurity measures, Mayer asserted, is the shared commitment by all stakeholders to hold both government and industry accountable.