SEATTLE –The National Institute of Standards and Technology has curtailed work groups, conferences and most other work, because of the government shutdown.
That's bad news for the global cybersecurity community.
In February, President Obama raised NIST's profile by issuing an executive order assigning NIST to lead development of a framework for voluntary information sharing aimed at stemming cyberattacks on water and power plants and other critical systems.
CyberTruth video: Cybersecurity order aims to foster sharing
That White House directive was necessitated by private industry's effective campaign to stymie comprehensive cybersecurity legislation, which Rep. Jim Langevin, D-RI, has pushed hard the past two years.
Meanwhile, ICS-CERT, lives on. The Department of Homeland Security launched ISC-CERT in 2009 to help keep track of discoveries of fresh vulnerabilities in software and hardware. CyberTruth asked Jeff Hudson, CEO of digital certificate management company Venafi, to supply wider context.
CT: What are the wider ramifications of shutting down NIST?
Hudson: A downed national security and best practices site signals to the bad guys that federal online properties have been abandoned, with no one to mind the figurative store. Who knows what information NIST and other shuttered agencies house on their Web severs, or what vulnerabilities are going unpatched that criminals can take advantage of.
CT: What happens if the government shutdown runs several weeks?
Hudson: If NIST remains closed for an extended period, there will be an effect on its ability to provide critical and timely guidance. If no one is available to observe, research and report on cybersecurity incidents and situations, then organizations could end up being at a loss when it comes to future standards setting.
CT: Where can organizations access guidance docs while the website is down?
Hudson: Many outside resources will have access to NIST papers and bulletins. We provide access to the agency's most recent guidance on attacks on trust and the increased risk of certificate authority (CA) compromises on our website.
CT: How would summarize what the Obama Administration has been able to accomplish on the cybersecurity front?
Hudson: This administration has focused increased and valuable attention on cybersecurity, though more must to be done. The current administration needs to find ways to encourage both private and government-funded research to invest in IT security efforts that can better protect intellectual property, our competitive advantages as well as citizens' privacy and identities from cyber attacks, all of which have seen a dramatic increase and often tied to foreign entities and nations.