Water Utility Groups Seek Flexibility In NIST Cybersecurity Framework

摘要

Drinking and wastewater utility groups say they would be more likely to adopt voluntary cybersecurity practices being developed by the U.S. Commerce Department's National Institute of Standards and Technology (NIST) if NIST fully considers the costs and regulatory burdens to the sector. Under an executive order and policy directive signed by President Obama Feb. 12, NIST is developing a framework to improve the cybersecurity of the nation's critical infrastructure, including voluntary consensus standards that EPA and other agencies will use to assess sectors' preparedness and guidance for measuring agencies' and sectors' performance in implementing the framework. The directive singles out water systems as the only sector subject to EPA oversight, although the agency concedes in April 10 comments to NIST that it currently lacks statutory authority to regulate the water sector's cybersecurity.