Cybersecurity center aims at increasing business-government collaboration

Thursday - 6/28/2012, 6:44am EDT

Charles Romine, director, NIST Information Technology Laboratory

Download mp3

By Esther Carey
Special to Federal News Radio

A new forum is trying to reduce obstacles for businesses and government to work together on ways to improve cybersecurity.

Partnerships between the public and private sectors are not easy, said Patrick Gallagher, undersecretary of Commerce for Standards and Technology and director of NIST. That is why the National Cybersecurity Center of Excellence, established by the National Institute of Standards and Technology, is expected to provide a place where companies can work together in an environment that reduces friction.

The vision of the center is to "provide a world class, collaborative environment for integrating cybersecurity solutions that stimulate e-commerce and national economic growth," said Donna Dodson, chief of the Computer Security Division and acting executive director of NCCoE during an introductory workshop on Tuesday in Rockville, Md.

A key aspect of the center's mission is to encourage consumer confidence in the country's information systems by developing integrated cybersecurity tools, Dodson added.

NIST announced the launch of the center in February. NIST is using $10 million from its budget to provide funding to get the NCCoE off the ground.

Patrick Gallagher, director, NIST

Dodson said the Center wants to include several essential groups: business leaders, cyber technologists and the general public.

She said the goal is to find solutions that benefit and make sense to the end users, not only to those who understand technology.

The operational model of the center consists of four steps:

  • Business engagement and problem statement

  • Development of use cases

  • IT industry components selection

  • Implementation of the new cyber applications in an operational environment.

Dodson said the center wants to address problems that are real issues in companies today.

The "use cases" developed in the second step are detailed explanations of those particular issues that the center addresses. Karen Waltermire, an IT specialist in NIST's Computer Security Division, said a use case could be a "specific complex cybersecurity challenge that requires an integrated solution and has clear benefits for one or more industry sector."

Once the center evaluates proposed use cases and they have been publicly reviewed, the refined version will become the subject of a group effort to suggest a potential solution.

The process between identifying a problem and creating a prototype solution may take some time, said Matt Scholl, deputy chief of the Computer Security Division.

Collaborative space

The goal of NCCoE is not to come up with one final solution. Rather, the center hopes that other companies will repeat the process to develop other potential answers.

But the NCCoE also wants to develop software. To do that, NCCoE needs industry workers who will bring their expertise to work together.

The center will provide basic facilitations such as collaborative space where companies can bring equipment and test users, Scholl said. In the end, the government wants to utilize NIST's relationship with companies to look at problems from both a technological and a business view.

This collaboration through NCCoE benefits companies because it creates a place for them to bring individual components together to create a unified solution, said panelist Curt Barker, acting associate director of operations for NCCoE.

Businesses also can use the center to communicate with one another about what their specific needs are regarding a particular problem.

NIST wants the center to provide a structured setting for individual interests to share their ideas, Barker said. At the same time, the governance system must remain flexible to accommodate the constantly changing nature of the technology field.

Henry Wixon, chief counsel for NIST, said the NCCoE plans to operate under Cooperative Research and Development Agreements (CRADAs) and/or possibly consortium agreements.

Wixon said the center does not foresee granting licenses or patents. Companies who use their work with the center as a basis for developing solutions would be able to control the proprietary property for concepts developed outside of collaboration with the center.

Since the goal is to bring together many groups for input, the NCCoE will negotiate terms with participants on each problem solving group regarding intellectual property and other matters.

This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.

Esther Carey is an intern at Federal News Radio.

RELATED STORIES:

NIST launches Cybersecurity Center

Md. to work with NIST on cybersecurity center