NIST: Cybersecurity Standards Require Industry Buy-In


Patrick Gallagher, heading up the National Institute of Standards and Technology's efforts to develop voluntary cybersecurity standards for critical infrastructure in concert with industry, told the Senate Commerce Committee that there are three reasons why the standards will have to have private industry buy-in:
1) the industry has the know-how and capacity, and the process will only be "agile" if industry embraces it; 2) industry participation provides the best chance that those standards are compatible with business (the goal is to put the voluntary standards, so sitting on the shelf is not an option); and 3) that is the only way to scale the standards internationally.

If the standards don’t get industry buy-in, Gallagher warned, Congress will have to decide what to do next given the national interest in protecting critical infrastructure.

