Obama's order tasks NIST with leading the effort to develop the cybersecurity framework, and the agency will host several workshops for interested people to comment, said Adam Sedgewick, senior Internet policy advisor at NIST. The first workshop is April 3 at NIST's headquarters in Gaithersburg, Maryland, near Washington, D.C.
Sedgewick and Schwartz urged businesses to participate.
"This process cannot be successful without leadership from industry that is identifying best practices and standards that they use," Schwartz said. "We know there are leaders out there that do good work in this space, and we need them to come forward and help us put together the framework."
The framework will not be a one-size-fits-all set of rules, but is intended to be collaborative in nature, Schwartz said. The goal is for private industry to take the lead on the standards, Sedgewick added.
One audience member at the briefing asked Schwartz what the ultimate goal of Obama's executive order is. "When you have state-sponsored cyberterrorism that can spend $1 billion to take down the stock exchange, is the goal just to make it very expensive?" the audience member asked. "Do you really think you can stop it?"
The goal is to make providers of critical infrastructure less vulnerable, Schwartz said. He pointed to several recent cyberattacks in which the victim organizations failed to use "basic hygiene," such as changing default network passwords or backing up financial data.
"If we can get critical infrastructure to raise their game ... then the bad guys won't get in or they will have to raise their game as well," he said.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service.