House Committee Asks NIST To Improve Cybersecurity For Retailers, Internet Of Things

King & Spalding

On June 7, 2016, the House of Representatives’ Committee on Appropriations (the “Committee”) reported out a funding bill that would fund the National Institute of Standards and Technology (“NIST”) to work with the retail industry to promote cybersecurity measures specific to the retail industry, as well as to continue its work managing and standardizing security practices for the “Internet of Things.”

The Committee’s report, H. Rep. 114-605, calls on NIST to “to build on its existing industry-sector focused work to create a retail-specific cybersecurity initiative and partner, as appropriate, with academic entities and national leaders in retail cybersecurity and retail supply chain management and logistics.” Retailers’ cybersecurity profiles have been a subject of the Committee’s concern in reviewing past appropriations as well. For fiscal year 2016, the Committee addressed NIST’s National Cybersecurity Center of Excellence specifically, encouraging it to develop “use cases and tools [for the retail sector] in partnership with retailers and universities.” NIST ’s budget request for fiscal year 2017 did not specifically outline new programs targeted at retailers or their suppliers, but its initiatives will likely include continuing work on multifactor authentication for e-commerce and non-PCI sensitive data.

The June 7 Committee report also commended NIST’s work to secure the network of physical consumer products, vehicles and industrial equipment known as the Internet of Things. In May, NIST released the final draft of its first Framework for Cyber-Physical Systems. If the framework sees adoption, it could provide a consistent basis for discussing, comparing, and ultimately improving connected devices’ security. In this sense, the framework dovetails with another cybersecurity initiative included in the President Obama’s final budget, the Cybersecurity Assurance Program, which would test and certify the security of Internet of Things endpoints.

NIST has emerged as a leading source of coordination and guidance on the federal government’s cybersecurity priorities. To date, the agency’s most significant cybersecurity initiative has been its 2014 Cybersecurity Critical Infrastructure Framework, which has already been cited as a best practice in industry and influenced other regulators’ approaches. The Committee’s appropriations vote this month suggests that Congress trusts NIST to expand on its industry-specific and framework-based successes in the coming year.

Reporter, Daniel Ray, Silicon Valley, +1 650 422 6715,

Written by:

King & Spalding

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.