Commerce Department Proposes New Policy Framework to Strengthen Cybersecurity Protections for Businesses Online
Originally published: June 8, 2011
Last updated: June 8, 2011 - 7:10pm
The Department of Commerce released a report that proposes voluntary codes of conduct to strengthen the cybersecurity of companies that increasingly rely on the Internet to do business, but are not part of the critical infrastructure sector.
The report focuses on the “Internet and Information Innovation Sector” (I3S) – these are businesses that range from small and medium enterprises and bricks-and-mortar firms with online services, to social networking sites and Internet-only business, to cloud computing firms that are increasingly subject to cyber attacks.
The report makes a number of specific recommendations for reducing I3S vulnerabilities:
- Establish nationally recognized but voluntary codes of conduct to minimize cybersecurity vulnerabilities. For example, the report recommends that businesses employ present-day best practices, such as automated security, to combat cybersecurity threats and that they implement the Domain Name System Security (DNSSEC) protocol extensions on the domains that host key Web sites. DNSSEC provides a way to ensure that users are validly delivered to the web addresses they request and are not hijacked.
- Developing incentives to combat cybersecurity threats. The report also recommends exploring and identifying incentives that could include reducing “cyberinsurance” premiums for companies that adopt best practices and openly share details about cyberattacks for the benefit of other businesses.
- Improve public understanding of cybersecurity vulnerabilities through education and research. Programs like the National Initiative for Cybersecurity Education should target awareness and training to the I3S and develop methods for cost/benefit analyses for cybersecurity expenditures.
- Enhance international collaboration on cybersecurity best practices to support expanded global markets for U.S. products. This should include enhanced sharing of research and development goals, standards, and policies that support innovation and economic growth.
- Key Cybersecurity Challenges Need to Be Addressed to Improve Research and Development
- A gold standard in cyber-defense
- Cybersecurity, Innovation and the Internet Economy
- Empowering Small Businesses with Online Security Tool
- Private sector not adequately defending US cyberspace, security expert warns
- Working with the Private-Sector to Enhance Cybersecurity
- UK Touts Its Cybersecurity Cred
- House cybersecurity bill would establish federal overseer
- Cybersecurity: Time to Act?
- NIST Releases Federal Risk Assessment Guide
- Partnership for Cybersecurity Innovation
- New Cybersecurity Bill Unveiled
- Chairman Rockefeller Commends Administration's Efforts to Improve Cybersecurity
- DOD Announces First Strategy for Operating in Cyberspace
- POSTPONED: Economic Ramifications of Cyber Threats and Vulnerabilities to the Private Sector