Any time critical data lives on a network, the potential threats to an emergency response mission are very real. Enter the NIST Cybersecurity Framework.
Are response teams, many with limited budgets and human resources, on their own to define and prepare for cybersecurity threats? Thankfully, no. The National Institute of Standards and Technology (NIST) is a valuable resource for organizations of all types. As a non-regulatory organization in the U.S. Department of Commerce, its stated goal is to improve and innovate scientific standards across all industries, including cybersecurity.
NIST: A Brief History
Founded in 1901, NIST is one of the oldest federal physical science laboratories in the United States. Congress initially created the agency to break down industrial competition barriers, as America’s infrastructure lagged behind other economic powerhouses like Germany and the United Kingdom.
NIST primarily provides measurement guidance and a variety of scientific standards for countless industries. Whether it’s computer chips, atomic clocks, or smart electric power grids… Companies that make these products have used NIST standards as a roadmap to improve their offerings and keep pace with ever-changing scientific and technological advancements.
Today, NIST supports technologies of all shapes and sizes, from the tiniest gadgets to the largest and most intricate human inventions.
Providing an Effective Cybersecurity Framework
NIST is known for providing standards and guidance for cybersecurity-related issues. While their recommendations aren’t mandatory (and an organization can’t be “certified”), they do provide a helpful framework, especially for state and local emergency management agencies whose critical services protect the safety and property of communities.
The 5 functions of the NIST Framework give a solid foundation for looking at data security and beginning to build and customize their own standards and processes.
1 // Identify. This function helps organizations develop an understanding of cybersecurity risks to their internal systems, data, and communities at large. This knowledge can guide implementation of a strong system that protects against threats within the context and constraints of their unique needs.
2 // Protect. The protect function outlines safeguards that can be put in place, which can allow teams to preemptively defend against cybersecurity threats. Preventive measures are crucial, because in a crisis resources will be limited and responders will need quick access to communication channels and information. Protective cybersecurity barriers let responders focus on the most critical aspects of a mission.
3 // Detect. The detect function lays out steps to identify cybersecurity threats. This function allows emergency response teams to make timely discoveries of infringements before it’s too late to address them. Some of these steps include:
- Ensuring threats are detected and understanding their potential impact
- Creating ongoing detection processes that promote awareness of suspicious activities
- Adopting tracking capabilities to look for potential cybersecurity threats
4 // Respond. The respond function guides teams through best practices if a cybersecurity threat is detected. Once they identify it, the respond function can also help teams limit damage by:
- Ensuring responders take appropriate action during and after an incident
- Minimizing the chances of cybersecurity threats occurring in the future
- Using previous and current infringements as learning tools if a similar situation occurs
5 // Recover. If a cybersecurity issue occurs, the recover function helps teams restore affected systems and return to normal operations. Timely recovery is of utmost importance, as the compounding effect of successive missions in a compromised state exponentially increases the potential harms.
Innovate to Lead
Think back to the first paragraph of this article. The stated goal of NIST is to improve and innovate scientific standards. So, by implementing and optimizing the agency’s guidelines, your organization participates in the forward momentum of technology as a whole. You’re not only benefiting from the learnings of others, but also contributing to their success and the safety and security of the communities being served.
After all, a collective of emergency managers, public safety professionals, and others on the forefront of mobile operations security are far stronger than any individual organization alone.
Learning More
An official website of the United States Government, nist.gov offers a wealth of information around measurement science, standards, and technology. To our customers and partners for whom security and innovation are paramount, the NIST Cybersecurity Framework site answers common questions, provides key documentation, and even provides online learning modules.
Consider Nomad a resource as well. Our industry-benchmark Nomad Total Command (NTC) software is fully NIST-compliant, and we’re well-versed in helping customers creatively navigate the complex waters of mobile operations security.