No shortage of skeptics
Although Ozment attempted to put a friendly face on the government’s information-sharing efforts, he faced a skeptical crowd of CIOs from Lockheed Martin, American International Group, Allstate and other Fortune 500 companies.
NuStar Energy CIO Manish Kapoor noted that his CISO was “freaking out” after the company received an addendum request for a commercial contractor to comply with a National Institute of Standards and Technology (NIST) standard for protecting critical infrastructure within 90 days. He said this was a tall task because “NIST standards are really complicated.”
Ozment, whose agency provides support for the NIST standards, said that this is happening in every industry, adding that a singular standard is better than too many standards. “The benefit of the NIST cybersecurity framework is at least we can all agree on it because the worst case for everybody is a tower of Babel … competing regulations, competing contractual demands … nobody wants to live in that world and that is why we did the NIST cybersecurity framework.”
Ultimately, Ozment said: “We’re there to help you, we want to find the bad guys on your network, kick them out and get you back up on your feet again.” Despite those good intentions, the DHS must overcome the perception problem it has among some CIOs. As NuStar Energy’s Kapoor puts it, “Whenever I hear somebody say ‘I’m from the government and I’m here to help you’ I get nervous.”