A new forum is trying to reduce obstacles for businesses and government to work together on ways to improve cybersecurity.
Partnerships between the public and private sectors are not easy, said Patrick Gallagher, undersecretary of Commerce for Standards and Technology and director of NIST. That is why the National Cybersecurity Center of Excellence, established by the National Institute of Standards and Technology, is expected to provide a place where companies can work together in an environment that reduces friction.
The vision of the center is to “provide a world class, collaborative environment for integrating cybersecurity solutions that stimulate e-commerce and national economic growth,” said Donna Dodson, chief of the Computer Security Division and acting executive director of NCCoE during an introductory workshop on Tuesday in Rockville, Md.
A key aspect of the center’s mission is to encourage consumer confidence in the country’s information systems by developing integrated cybersecurity tools, Dodson added.
NIST announced the launch of the center in February. NIST is using $10 million from its budget to provide funding to get the NCCoE off the ground. Dodson said the Center wants to include several essential groups: business leaders, cyber technologists and the general public.
She said the goal is to find solutions that benefit and make sense to the end users, not only to those who understand technology.
The operational model of the center consists of four steps:
Business engagement and problem statement
Development of use cases
IT industry components selection
Implementation of the new cyber applications in an operational environment.
Dodson said the center wants to address problems that are real issues in companies today.
The “use cases” developed in the second step are detailed explanations of those particular issues that the center addresses. Karen Waltermire, an IT specialist in NIST’s Computer Security Division, said a use case could be a “specific complex cybersecurity challenge that requires an integrated solution and has clear benefits for one or more industry sector.”
Once the center evaluates proposed use cases and they have been publicly reviewed, the refined version will become the subject of a group effort to suggest a potential solution.
The process between identifying a problem and creating a prototype solution may take some time, said Matt Scholl, deputy chief of the Computer Security Division.
The goal of NCCoE is not to come up with one final solution. Rather, the center hopes that other companies will repeat the process to develop other potential answers.
But the NCCoE also wants to develop software. To do that, NCCoE needs industry workers who will bring their expertise to work together.
The center will provide basic facilitations such as collaborative space where companies can bring equipment and test users, Scholl said. In the end, the government wants to utilize NIST’s relationship with companies to look at problems from both a technological and a business view.
This collaboration through NCCoE benefits companies because it creates a place for them to bring individual components together to create a unified solution, said panelist Curt Barker, acting associate director of operations for NCCoE.
Businesses also can use the center to communicate with one another about what their specific needs are regarding a particular problem.
NIST wants the center to provide a structured setting for individual interests to share their ideas, Barker said. At the same time, the governance system must remain flexible to accommodate the constantly changing nature of the technology field.
Wixon said the center does not foresee granting licenses or patents. Companies who use their work with the center as a basis for developing solutions would be able to control the proprietary property for concepts developed outside of collaboration with the center.
Since the goal is to bring together many groups for input, the NCCoE will negotiate terms with participants on each problem solving group regarding intellectual property and other matters.
This story is part of Federal News Radio’s daily Cybersecurity Update. For more cybersecurity news, click here.
Tom Temin is the host of The Federal Drive, which airs from 6-9 a.m. on 1500 AM in the Washington, DC region and online everywhere. Tom has 30 years experience in journalism, mostly in technology markets. Before coming to Federal News Radio, he was a long-serving editor-in-chief of Government Computer News and Washington Technology magazines.