Privacy & Cybersecurity Update: NIST Issues Request for Information on Critical Infrastructure Cybersecurity Practices

On February 26, following close on the heels of the recent executive order setting forth the administration’s approach to the regulation of critical infrastructure network security, the National Institute of Standards and Technology (NIST) released an initial public notice and request for information (the NIST Notice). The release of the NIST Notice is the first action in a year-long process through which NIST will develop the new voluntary framework for private sector critical infrastructure cybersecurity called for in the executive order (the Framework). The comments requested in the NIST Notice provide the first opportunity for private sector operators of critical infrastructure to provide direct input into the crafting of the Framework.

What Companies Are Affected?

The NIST Notice for the first time begins the task of empirically defining the set of critical infrastructure to be addressed in the Framework. In particular, NIST asks commenters for their input on infrastructure that supports their critical organizational assets and calls out five specific sectors upon which organizations may be relying:

• telecommunications;

• energy;

• financial services;

• water, and

• transportation.

Firms in those five sectors and in other sectors with the potential to be deemed “critical infrastructure” should pay close attention to the development of the Framework.

Please see full memorandum below for more information.

LOADING PDF: If there are any problems, click here to download the file.