Senate to hold cyber framework hearing

The Senate Commerce Committee will hold 2015’s first hearing Wednesday on the government’s voluntary cybersecurity framework, created in response to a directive from President Obama.

The framework is intended to give companies a method to assess and mitigate their cyber risks. The government’s standards-setting agency, the National Institute of Standards and Technology (NIST), collaborated with the private sector and academics to put together the guide.

{mosads}“There is no quick fix to guard against cyber threats,” said Commerce Chairman John Thune (R-S.D.). “This hearing is part of a continued bipartisan effort to make it more difficult for dangerous hackers, criminals and malicious state actors in our increasingly Internet-based society.”

Obama ordered the NIST to establish the framework as part of his 2013 executive order on cybersecurity. The White House issued the directive in part because it couldn’t get a desired online consumer privacy bill through Congress.

The NIST’s efforts, and the resulting framework released in February 2014, have mostly received bipartisan support.

But while many have noted the NIST cyber guide has benefited large companies and industry trade groups, adoption and awareness among smaller firms remains minimal. 

“Real progress can be made by continuing to enhance public-private cooperation and improving cyber threat information sharing,” Thune said.

Congress is expected to consider legislation this year that would enhance the exchange of cyber threat data between the public and private sector.

The NIST will also play a pivotal role in the White House’s upcoming cybersecurity summit on Feb. 13 at Stanford University. The agency is hosting a half-day conference the day before with top executives to discuss the technical aspects of implementing better cybersecurity.