Bill Defines New NIST Infosec TasksHouse Panel OKs Cybersecurity Coordination and Awareness Act
If enacted as approved, the Cybersecurity Coordination and Awareness Act also would charge NIST with creating IT security awareness and education campaigns for the public, improving the interoperability of identity management systems to encourage more widespread use and developing an IT security checklist for agencies to use before acquiring IT wares.
The bill, approved by the House Subcommittee on Technology and Innovation, goes to the full Science and Technology Committee, where it could be combined with another measure that requires an agency-by-agency cybersecurity skills assessment. If approved by the full committee, the legislation would go to the House.
The responsibility of coordinating the government representation in international cybersecurity standards development is parsed among different agencies without any consistent policy, said Rep. David Wu., the bill's sponsor and subcommittee chairman. He cited testimony from witnesses at a hearing two weeks ago who said NIST, because of its extensive technical expertise and established relationships with international bodies, would be ideally suited to serve as the government's coordinator on international cybersecurity standards.
In creating a public IT security awareness and education campaign, Wu cautioned NIST to be careful on its use of technical language. He credited NIST as a great resource for technical standards and best practices, but criticized it for too often providing guidance that is too technical for the average user. "The dissemination of more user-friendly standards will help raise the base level of cybersecurity knowledge among individuals, business, education and government," he said.
NIST already performs work on identity management systems such as biometrics, but this bill will direct the agency to improve the interoperability of these systems to encourage more widespread use. "By focusing on the usability and privacy aspects of identity management," Wu said, this bill "will ensure that biometric and other systems will be accepted by the public because they will have confidence in the security of their personal information."