And the Cobbler's Children Have No Shoes ....

Paul Rosenzweig
Monday, April 21, 2014, 7:00 AM
Published by The Lawfare Institute
in Cooperation With
Brookings

For quite some time, it has been apparent that the announcement of the NIST Cybersecurity Framework would be a seminal event. Though couched as a voluntary program, many expected that the Framework would become the de facto ground for liability. After all, if the National Institute of Standards and Technology has determined a baseline framework for optimal security in the cyber domain, what could be more negligent than failing to meet that minimum standard?

Unsurprisingly, the penny has begun to drop. Not, as one might have expected, in private sector tort suits, but in public sector regulatory action. Last week, the Securities and Exchange Commission announced its intention to conduct an examination of the cybersecurity of 50 broker-dealers and investment advisers subject to its jurisdiction. The questionnaire derives much of its content from the NIST Framework, so now the Framework will be the likely ground for regulatory action.

How ironic, then, that in the same week, the GAO issued a report critical of the SEC for its own lack of adequate cybersecurity and oversight. Perhaps the cobbler's children don't have any shoes ....

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company, and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.
