Key Government Task Force Launches Effort to Address Cybersecurity Challenges Facing the Digital Economy
The IPTF announcement is the latest in a series of activities following White House Executive Order 13636, which called upon the Commerce Department to work with industry to develop a framework to improve cybersecurity practices, and to undertake a study on incentives to encourage private sector adoption of cybersecurity protections. In February 2014, the National Institute of Standards and Technology (NIST), also part of the Commerce Department, released the Framework for Improving Critical Infrastructure Cybersecurity Version 1.0 (Cybersecurity Framework). The Cybersecurity Framework offers organizations a guide for understanding and implementing appropriate cybersecurity protections, and NIST continues to monitor use of the Framework and consider additional guidance or updates.
With the release of this Request for Public Comment, the IPTF proposes to facilitate one or more multistakeholder processes around key cybersecurity issues. Potential outcomes would vary by the issue discussed, but could include voluntary policy guidelines, procedures, or best practices. Organizations will be free to choose whether to participate in any resulting code of conduct or standards.
The IPTF has identified a number of key cybersecurity topics for potential inclusion in these multistakeholder processes:
Network and Infrastructure Security
- Botnet Mitigation
- Core Internet Infrastructure: Naming, Routing, and Public Key Infrastructure
- Domain Name System (DNS), Border Gateway Protocol (BGP), and Transport Layer Security (TLS) Certificates
- Open Source Assurance
- Malware Mitigation
Web Security and Consumer Trust
- Web Security
- Trusted Downloads
- Cybersecurity and the Internet of Things
Business Process and Enabling Markets
- Managed Security Services
- Vulnerability Disclosure
- Security Investment and Metrics
The IPTF notes that the list of topics is not exhaustive and asks for comment generally on other cybersecurity challenges that could be best addressed in a multistakeholder process. The IPTF also seeks comment on what factors should be considered in selecting cybersecurity issues for consideration, as well as input on how best to implement the multistakeholder process.
Comments will be due 60 days from publication of the notice in the Federal Register. The IPTF seeks input and participation from a wide range of stakeholders, including Internet service providers, software developers, security vendors, equipment manufacturers, mobile application developers, cloud and content providers, vulnerability researchers, civil liberties advocates, digital infrastructure owners, digital economy experts, and others.
Brian Kennedy, an associate in our Washington, D.C. office, contributed to this entry.