A request for information (RFI) from the National Institute of Standards and Technology (NIST) seeks to update the national cybersecurity strategy in force since February 2014.

NIST, part of the Department of Commerce, is seeking industry comment through Feb. 9, 2016, on the voluntary “Framework for Improving Critical Infrastructure Cybersecurity”--the document that has been guiding the strategy.

Cyberattacks have been a threat to the healthcare industry for years but this year's attacks were more sophisticated and caused more damage than in the past. The total number of victims from the 10 largest attacks in 2015, not including the recently announced hack at MaineGeneral Health, is almost 110 million—or one-third of the population.

In response, NIST wants to know what parts of the strategy are working and what parts need improvement. The agency wants to learn “what good looks like,” says Matt Barrett, program manager of the framework. NIST has conducted informal talks with a range of stakeholders on the framework and whether they feel an upgrade is necessary. The talks revealed support for an update.

NIST’s questions in the RFI focus on the maintenance and ownership of the framework and the long-term relationship between government and industries across the nation. Other questions address how best to share threat information and cybersecurity best practices. 

Access the RFI.