3.2 Enhance the Nation's Cyber Security

Why is cyber security important?

Cybersecurity is necessary for U.S. businesses to fully benefit from the 21st century digital economy. Cyber threats can harm our economy and national security. The Department of Commerce continues to provide U.S. industry with a robust cybersecurity framework to protect economic growth. This will become even more vital as we adopt 5G technology.

Strategic Objective 3.2 Progress Update

On May 2, 2019, the President issued the Executive Order on America's Cybersecurity Workforce. This order further strengthened the Commerce Department's role in improving America's cybersecurity education, training, and workforce development.  On May 15, 2019, the President issued the Executive Order on Securing the Information and Communications Technology and Services Supply Chain. This order authorizes the Secretary of Commerce to direct the cessation of transactions with foreign adversaries that involve information and communications technology or services that pose an undue risk to the security of the United States.
These orders build on the progress made by the Department during 2019 including the National Institute of Standards and Technology (NIST) efforts to increase awareness and adoption of the Cybersecurity Framework and the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. Another major achievement was NIST's publication of the seminal report on the status of international cybersecurity standardization for the Internet of Things (IoT) (NIST Interagency Report 8200) to inform and assist in coordinating US government participation in international cybersecurity standards efforts related to IoT.
NIST Assists American Businesses in Cybersecurity Issues
The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), is a public-private partnership that addresses businesses’ most pressing cybersecurity issues.  To achieve our cybersecurity objective,  NIST provided cybersecurity information  to 8,995 U.S. organizations during 2019, exceeding its target of 6,000. To promote public availability, NIST publishes its solutions so that U.S. organizations and businesses can benefit. 

NIST Provides Businesses Resources for Improving Cybersecurity 
The National Institute of Standards and Technology (NIST) collaborates with U.S. industry on developing and updating a publication called the Framework for Improving Critical Infrastructure Cybersecurity. This publication provides guidelines on managing cybersecurity risks. The impact of NIST’s Cybersecurity Framework has been significantly amplified by organizations in the privates sector, using it to develop 133 derivative cybersecurity resources during 2019.  These additional resources help further disseminate cybersecurity best practices that will strengthen the nation’s overall cybersecurity posture. NIST also uses public workshops on cybersecurity to help protect all sectors of U.S. industry from cybersecurity risks that can impede economic progress. 
Cybersecurity Framework Version 1.1
The Framework is a risk-based approach to managing cybersecurity risk, and is composed of  three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. Click here to learn more.
Small Business Cyber Security Corner
NIST provides consistent, clear, concise, and actionable cybersecurity resources to small businesses. Click here to access these free cybersecurity resources.
What's the IoT--How Can We Secure It?
In the video below, industry leaders discuss cybersecurity concerns around the Internet of Things (IoT) and the role NIST can play to help secure our future.
Picture of NIST cybersecurity risk framework
Picture of small business storefronts Credit: Wendy Szwerc

I Want to Know More...
About Cybersecurity 
NIST- about cybersecurity protections
NCCoE- about the public-private partnership
NTIA- about the Internet Policy Task Force