
Part of the federal government’s approach to cybersecurity is developing unified security standards across all agencies. The National Institute of Standards and Technology (NIST) develops those security standards and guidelines for agencies, contractors and critical infrastructure.
- Ron Ross, the NIST fellow who leads this effort, said he recommends organizations simplify their infrastructure to protect against cyber attacks, deploying only what is necessary for mission-essential operations.
- He also advised organizations to determine how much loss they are willing to accept, which will drive the amount of cybersecurity protection.
- Ross said the government has made great progress over the past few decades but that “in cybersecurity, you never really sleep well at night.” The emphasis is now on engineering to build resilient systems and limit damage from adversaries, he said.
- He said the NIST standards and guidelines apply to both IT systems and industrial control systems.
- While NIST does not have statutory authority over the Defense Department and the intelligence community, both have voluntarily adopted some of the standards and guidelines.