US agency calls for new cybersecurity standards

The Department of Commerce should help private groups establish voluntary codes of conduct, a report says

The U.S. Department of Commerce should work with Internet business groups to establish voluntary codes of conduct and standards to protect against cyberattacks, a new report from the agency recommended.

The agency should help organize business groups to establish standards-setting processes, and it should promote cybersecurity best practices, said the 75-page report, released Wednesday by the agency's Internet Policy Task Force. The report's recommendations are aimed at what the DOC calls the Internet and information innovation sector, businesses with a large Internet or technology focus.

"A key role for government is to assist industry in developing these voluntary codes of conduct," the report said. "These codes of conduct should aim to unify various technical standards that currently exist and identify a broad set of responsibilities that industry members can use as a baseline for their own cybersecurity efforts."

Many companies have called for the U.S. government to allow private companies to continue to develop security tools, but there is a role for the government in promoting best practices, the report said.

"It is clear that the government should not be in the business of picking technology winners and losers; however, where consensus emerges that a particular standard or practice will markedly improve the Nation's collective security, the government should consider more proactively promoting industry-led efforts and widely accepted standards and practices and calling on entities to implement them," the report said.

The agency will next put the report out for public comment, said Ari Schwartz, Internet policy adviser at the DOC's National Institute of Standards and Technology (NIST). The DOC asks for comment on a number of questions, including what standards the Internet sector should embrace, he said.

"To build those codes of conduct, we really need to start with specific, existing standards and existing best practices," he said. "There could be a standard we don't list here that's very close to critical mass."

For example, the report recommends that Web-based businesses deploy Domain Name System Security (DNSSEC) protocol extensions on the domains that host key websites. The report mentions several other security technologies and protocols.

The report is important because the U.S. government needs to take a "fresh look" at Internet policy and cybersecurity, Commerce Secretary Gary Locke wrote in the report's introduction.

"The Internet is again at a crossroads," Locke wrote. "Protecting security of consumers, businesses and the Internet infrastructure has never been more difficult. Cyber attacks on Internet commerce, vital business sectors and government agencies have grown exponentially."

The U.S. government should also support research to automate cybersecurity functions and should focus on creating incentives, including insurance and liability protection, for businesses that follow cybersecurity standards, the report recommended.

The report also called on the U.S. government to increase cybersecurity education and research programs.

The Center for Democracy and Technology (CDT), a digital liberties and privacy group where Schwartz recently worked, praised the report for focusing on voluntary standards for industries not identified by the U.S. government as core critical infrastructure. The DOC is taking the right approach in focusing on collaborative efforts to develop standards, CDT said.

"We're pleased that the [Obama] administration recognizes that many Internet-based functions and services that consumers use every day should not be defined as part of the 'critical infrastructure' that is subject to a more prescriptive regulatory regime," CDT President Leslie Harris said in a statement.

The Software and Information Industry Association (SIIA), a trade group, also praised the report for advocating voluntary security standards. The technology industry "already complies with a large number of industry-specific and international security standards," Mark MacCarthy, SIIA's vice president for public policy, said in a statement.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags regulationsecurityU.S. Department of CommerceGary LockeLeslie HarrisMark MacCarthyCenter for Democracy and TechnologygovernmentAri SchwartzSoftware and Information Industry Association

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?