Government Officials Continue to Reference NIST Framework

On Thursday, June 12, 2014, while delivering remarks on cybersecurity at the American Enterprise Institute in Washington, D.C., Federal Communications Commission Chairman Tom Wheeler challenged businesses to be more proactive in addressing increasingly prevalent threats to their cybersecurity, urging them to embrace a “new paradigm” in which the private sector takes the lead and regulators step in to address shortcomings. In doing so, he urged businesses to use the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity. Wheeler's comments followed similar comments two days earlier by U.S. Securities and Exchange Commissioner Luis Aguilar. As mentioned in our previous advisory, during a "Cyber Risks and the Boardroom" Conference at the New York Stock Exchange on June 10, 2014, Commissioner Aguilar noted that while the NIST Framework provides voluntary guidance for any company, some commentators have already suggested that it will likely become a baseline for best practices by companies, including in assessing legal or regulatory exposure to cybersecurity issues or for insurance purposes.   Please contact Christin McMeley with any inquiries at 202.973.4264.