Commerce Department Proposes New Policy Framework to Strengthen Cybersecurity Protections for Businesses Online
Originally published: June 8, 2011
Last updated: June 8, 2011 - 8:10pm
The Department of Commerce released a report that proposes voluntary codes of conduct to strengthen the cybersecurity of companies that increasingly rely on the Internet to do business, but are not part of the critical infrastructure sector.
The report focuses on the “Internet and Information Innovation Sector” (I3S): businesses that range from small and medium enterprises and bricks-and-mortar firms with online services, to social networking sites and Internet-only businesses, to cloud computing firms that are increasingly subject to cyber attacks.
The report makes a number of specific recommendations for reducing I3S vulnerabilities:
- Establish nationally recognized but voluntary codes of conduct to minimize cybersecurity vulnerabilities. For example, the report recommends that businesses employ present-day best practices, such as automated security, to combat cybersecurity threats and that they implement the Domain Name System Security (DNSSEC) protocol extensions on the domains that host key Web sites. DNSSEC provides a way to ensure that users are validly delivered to the web addresses they request and are not hijacked.
- Develop incentives to combat cybersecurity threats. The report also recommends exploring and identifying incentives that could include reducing “cyberinsurance” premiums for companies that adopt best practices and openly share details about cyberattacks for the benefit of other businesses.
- Improve public understanding of cybersecurity vulnerabilities through education and research. Programs like the National Initiative for Cybersecurity Education should target awareness and training to the I3S and develop methods for cost/benefit analyses for cybersecurity expenditures.
- Enhance international collaboration on cybersecurity best practices to support expanded global markets for U.S. products. This should include enhanced sharing of research and development goals, standards, and policies that support innovation and economic growth.