The Lawfare Podcast

Bryan Choi on NIST's Software Un-Standards

Mar 7, 2024

Bryan Choi questions NIST's ability to set effective cybersecurity standards, delving into the challenges of securing software and the limitations of testing. The podcast explores the intersection of law, technology, and cybersecurity, emphasizing the need for technical expertise in legal scholarship. It also discusses NIST's historical role in shaping technology standards amidst rapid advancements, and the complexities of adhering to NIST cybersecurity standards.

45:07

Creator website

Episode guests

Bryan Choi

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

NIST's shift to risk-based frameworks in cybersecurity reflects a move towards addressing risks over dictating practices.

Software complexity poses challenges in security assurance as traditional testing methods struggle to keep pace with advancing technology.

Deep dives

NIST's Evolution in Cybersecurity Standards

NIST's approach to cybersecurity standards has shifted from strict standardization to a more flexible and risk-based framework. This change signifies a shift to addressing risks, detecting occurrences, and mitigating harm rather than dictating standardized practices. The government's reliance on NIST for cybersecurity standards has been challenged by researchers like Brian Choi, questioning NIST's ability to meet evolving cybersecurity demands.

Introduction

3min

The Intersection of Law, Technology, and Cybersecurity

16min

Evolution of NIST's Role in Technology Standards

5min

Prioritizing What Matters in Life through Therapy

11min

Navigating NIST Standards and Cybersecurity Challenges

16min

Exploring NIST's Software Certification and Regulatory Approaches

2min

Everyone agrees that the United States has a serious cybersecurity problem. But how to fix it—that's another question entirely. Over the past decade, a consensus has emerged across multiple administrations that NIST—the National Institute of Standards and Technology—is the right body to set cybersecurity standards for both the government and private industry. Alan Rozenshtein, Associate Professor of Law at the University of Minnesota and Senior Editor at Lawfare, spoke with Bryan Choi, who argues that this faith is misplaced. Choi is an associate professor of both law and computer science and engineering at The Ohio State University. He just published a new white paper in Lawfare's ongoing Digital Social Contract paper series exploring NIST's history in setting information technology standards and why that history should make us skeptical that NIST can fulfill the cybersecurity demands that are increasingly being placed on it.

Support this show http://supporter.acast.com/lawfare.

Hosted on Acast. See acast.com/privacy for more information.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

The Lawfare Podcast

Bryan Choi on NIST's Software Un-Standards

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

NIST's Evolution in Cybersecurity Standards

The Complexity of Software Security Challenges

NIST's Role in Setting Software Standards

Challenges in Enforcing Software Standards

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

The Lawfare Podcast

Bryan Choi on NIST's Software Un-Standards

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

NIST's Evolution in Cybersecurity Standards

The Complexity of Software Security Challenges

NIST's Role in Setting Software Standards

Challenges in Enforcing Software Standards

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights