Task Force Aims to Protect Online BusinessVoluntary Conduct Codes to Address Internet Security
The newly released green paper, titled "Cybersecurity, Innovation and the Internet Economy," urges the federal government and businesses to come together to promote security standards to address emerging threats. These include thousands of new malware and viruses rising up each day. "While securing energy, financial, health and other resources remain vital, the future of the innovation and the economy will depend on the success of Internet companies and ensuring that these companies are trusted and secure is essential," Commerce Secretary Gary Locke said in the introduction of the green paper.
The task force's framework provides for four key areas:
- Create a nationally recognized approach to minimize vulnerabilities for the Internet and information innovation sector. This approach includes a code of standards all participating entities should follow, applicable to organizations of different sizes and types. The task force is also pushing for an accelerated promotion of automation in security, where security and compliance can be constantly updated.
- Develop incentives for the sector to combat cybersecurity threats. These incentives include security disclosure in the shape of a national cyber-breach notification law. Also, information sharing between public/private partnerships is encouraged.
- Research the development of a better cost/benefit analysis on cybersecurity measures. Better targeted awareness efforts need to be implemented to educate companies and consumers.
- Continue international collaboration to promote research, development, best practices and threat information to better advance cybersecurity standards.
In the next month and a half, Commerce hopes to receive suggestions from industry to formalize the Internet security framework that includes the development of security tools that can be used voluntarily.
Once standards are in place, how will the task force know their policies are successful? "You measure success by getting measures that actually work," says Ari Schwartz, a task force member who's a senior Internet policy adviser at the National Institute of Standards and Technology, a Commerce unit "Pick standards that would be quickly implemented."
By taking a voluntary approach to implementing Internet security standards, the task force hopes companies will come together and agree on a code of conduct, particularly with disclosure. "The downside is people will be singled out for not standing up with us, but that's an incentive as well," Schwartz says.
Besides NIST, the task force includes experts from the Economic and Statistics Administration, International Trade Administration, National Telecommunications and Information Administration and U.S. Patent and Trademark Office as well as the office of the Commerce secretary.