The design for Chinese military drones "look a little familiar," and indicates that the Chinese have been stealing U.S. military secrets including designs for the Predator drone, Lewis says.
"Their stealth fighter probably is based on U.S. technology, and some of their submarine technology is based on U.S. technology," Lewis adds.
The NIST framework "gets the substance right," but the final version should be shorter and more and more simplified in how it presents recommendations to protect networks,
The next step to build on the advice of the framework is for NIST to do a handoff to somebody like the Department of Homeland Security (DHS) to have them encourage companies to accept best practices, Lewis says. That could in turn lead Congress to address how and whether the government could require companies to implement basic safety measures for networks.
"It's really easy to break into the networks of these companies," Lewis says. "We need some light touch governance like seat belts for the Internet. Car companies resisted adding seat belts until they were forced to by federal regulation."