The National Institutes of Standards and Technology is on track to develop a preliminary set of voluntary cybersecurity standards by October, according to the head of the agency.
Patrick Gallagher, NIST director, said at a Senate Commerce, Science and Transportation committee hearing Thursday that the agency is working closely with private industry as mandated by a Feb. 19 executive order.
“We have made significant progress but we still have a lot to do,” Gallagher said.
He said the agency has already held three workshops for industry feedback and will continue to work with the private sector to develop a flexible set of principles that will remain relevant for as long as possible.
President Obama directed NIST in the executive order to work with the private sector on standards that will help protect critical infrastructure – such as telecommunications and manufacturing – from cyber attack.
Sen. John Rockefeller, D-W.V., chairman of the committee, said it is critical that NIST and the private sector work together on any cybersecurity framework to make sure it is adopted by the private sector.
“Making progress against our cyber adversaries is going to require a sustained coordinated effort between the public and private sectors,” he said.