Maryland Signs Cybersecurity Agreement With NIST

BalticServers_data_center

Maryland’s state backed cybersecurity initiative is getting another boost, this time from NIST. The state has signed an agreement with the organization to boost investment in the local cybersecurity economy and build out research and development.

Last year, Maryland announced a broad-based initiative to boost the local cybersecurity economy which included tax credits, university partnerships, and public-private partnerships in order to get things moving. Since then, state lawmakers have expanded the local tax incentive regime in an effort to bring more cybersecurity businesses to the state. Maryland’s proximity to the federal government and existing military and university infrastructure give the state a leg up in these efforts which are being replicated in nearby Virginia as both vie for the industry.

The NIST agreement will help to build out Maryland’s National Cybersecurity Center of Excellence.

NIST also released its latest cybersecurity framework for critical infrastructure. Under the terms of Executive Order 13636: Improving Critical Infrastructure Cybersecurity, the standards are meant to be voluntary, although it’s unlikely that critical infrastructure organizations will be able to get away with noncompliance for long.

Organizations can use the framework to determine their current level of cybersecurity, set goals for cybersecurity that are in sync with their business environment, and establish a plan for improving or maintaining their cybersecurity. It also offers a methodology to protect privacy and civil liberties to help organizations incorporate those protections into a comprehensive cybersecurity program.

The framework document is labeled “Version 1.0” and is described as a “living” document that will need to be updated to keep pace with changes in technology, threats and other factors, and to incorporate lessons learned from its use. According to the document, these updates will ensure the framework meets the needs of critical infrastructure owners and operators in a dynamic and challenging environment.