CABA Information Series
(IS-2014-89) NIST Roadmap for Improving Critical Infrastructure Cybersecurity
The National Institute of Standards and Technology has put together a Roadmap for Improving Critical Infrastructure Cybersecurity. This paper is a companion to their previous paper titled ‘The Framework for Improving Critical Infrastructure Cybersecurity’. It discusses the ways in which owners of critical infrastructure can best protect information and assets from cyber attacks. The Framework is continually evolving and changing to keep up with the best current practices. Some high-priority areas for development, alignment and collaboration are outlined. Development of authentication mechanisms is the first high-priority area discussed. Next, automated indicator sharing needs to be standardized between communities and organizations in order to effectively make use of shared data and the indicators. Leveraging of conformity assessment is discussed. The lack of skilled cybersecurity workers will continue to be an issue and the NIST has recommendations of what can be done in the future to expand the workforce. Challenges that must be overcome in order for data analytics to unlock their full potential are outlined and some solutions proposed. The proposed framework should comply with the already existing Federal Agency Cybersecurity programs. NIST will continue to work on an international scale to ensure efficient global operations by communicating with the international community about the cybersecurity Framework. Supply chain risk management is outlined and discussed. Finally, technical privacy standards are discussed.