(ARLINGTON, VA) — The National Rural Electric Cooperative Association (NRECA) today submitted comments on the “Preliminary Cybersecurity Framework” developed by the National Institute of Standards and Technology (NIST). NRECA submitted comments jointly with the Edison Electric Institute, the American Public Power Association, the American Gas Association, the Electric Power Suppliers Association and the Utilities Telecom Council.
NRECA is committed to assisting member-owned, not-for-profit electric cooperatives to strengthen cybersecurity for their systems. To this end, NRECA is continually developing new tools and training members. The NIST Framework will provide important and useful guidance for our efforts, and NRECA appreciates NIST’s collaborative approach to its creation.
In reviewing the Framework, NRECA has identified the following outstanding issues that need to be addressed:
- Consistent with the Framework’s strong emphasis on prioritizing risk, NRECA believes the Framework itself should be more tightly focused on “critical infrastructure,” as defined in the President’s Executive Order. Sections of the Framework stray into other areas, such as general business practices. Unnecessarily broadening the scope of the Framework could result in diverting needed resources and investments away from critical infrastructure.
- NRECA believes the NIST Framework should serve as a high-level statement of principles. The 16 sectors can and should work with their respective federal partners to apply the framework to their particular and unique industries.
- The Framework does not yet define clearly the term “adoption.” NIST introduced a definition in its December 4 update using language proposed by the Department of Homeland Security for a voluntary program, but there is not yet consensus among stakeholders in support of this definition. More work needs to be done to achieve consensus.
NRECA is working in partnership with the Department of Energy on several initiatives to develop resources that will help member-owned, not-for-profit cooperatives protect their members’ assets. We believe the NIST Framework will provide an important new tool.
The National Rural Electric Cooperative Association is the national service organization that represents the nation’s more than 900 private, not-for-profit, consumer-owned electric cooperatives, which provide service to 42 million people in 47 states.