Developing a Framework to Improve Critical Infrastructure Cybersecurity (Response to NIST Request for Information Docket No. 130208119-3119-01)

Jorge L. Contreras

6/25/2014
(Original Publish Date: 4/8/2013)

The National Institute of Standards and Technology (NIST) has issued a request for information (RFI) regarding its charge of developing a framework to improve critical infrastructure cybersecurity. As NIST correctly points out in the RFI, “[t]he national and economic security of the United States depends on the reliable functioning of critical infrastructure.” The following two suggestions are offered in an attempt to aid NIST as it develops a national cybersecurity framework (the Framework) to reduce cybersecurity risks throughout the nation: 1. The Framework should expressly require public interest representation in developing and selecting standards for a national cybersecurity infrastructure. 2. The Framework should adopt approaches that prevent patent disputes from disrupting the broadest possible adoption of cybersecurity standards. Such approaches may include selecting standards for inclusion in the cybersecurity infrastructure only if patent holders have (a) agreed to offer licenses on a royalty-free basis, (b) consented to observe an aggregate royalty cap for all patents covering the standard, or (c) waived their rights to seek injunctive relief.