From FCW:

Kathryn Waldron, a cybersecurity fellow at the R Street Institute, emphasized that most of SolarWinds’ victims were private companies, not government agencies. NIST’s new publication proves “just how desperately both government agencies and private companies need to change the way they think about cybersecurity,” she said.

“Private organizations — both companies and academic institutions — that work with the government need to realize how appealing a target they are to countries that are looking to harm the United States,” Waldron said.

Waldron also noted that NIST’s new guidelines come a few months after the intelligence community, under former President Donald Trump, lobbied the White House to rescind an Obama-era executive order that established the Controlled Unclassified Information program.

A December memorandum sent to National Security Advisor Robert O’Brien by then-Director of National Intelligence John Ratcliffe said the program poses “insurmountable hurdles” and has become “unsustainable,” according to a letter published by the Federation of American Scientists.

“We have yet to see if the new DNI or the Biden administration feel the same way about the CUI program,” Waldron said. “But the fact that federal intelligence agencies have struggled to comply with the CUI program could potentially hinder the rollout of these new guidelines.”
