Commerce Department Proposes New Policy Framework to Strengthen Cybersecurity Protections for Businesses Online
Originally published: June 8, 2011
Last updated: June 8, 2011 - 8:10pm
The Department of Commerce released a report that proposes voluntary codes of conduct to strengthen the cybersecurity of companies that increasingly rely on the Internet to do business, but are not part of the critical infrastructure sector.
The report focuses on the “Internet and Information Innovation Sector” (I3S) – these are businesses that range from small and medium enterprises and bricks-and-mortar firms with online services, to social networking sites and Internet-only business, to cloud computing firms that are increasingly subject to cyber attacks.
The report makes a number of specific recommendations for reducing I3S vulnerabilities:
- Establish nationally recognized but voluntary codes of conduct to minimize cybersecurity vulnerabilities. For example, the report recommends that businesses employ present-day best practices, such as automated security, to combat cybersecurity threats and that they implement the Domain Name System Security (DNSSEC) protocol extensions on the domains that host key Web sites. DNSSEC provides a way to ensure that users are validly delivered to the web addresses they request and are not hijacked.
- Developing incentives to combat cybersecurity threats. The report also recommends exploring and identifying incentives that could include reducing “cyberinsurance” premiums for companies that adopt best practices and openly share details about cyberattacks for the benefit of other businesses.
- Improve public understanding of cybersecurity vulnerabilities through education and research. Programs like the National Initiative for Cybersecurity Education should target awareness and training to the I3S and develop methods for cost/benefit analyses for cybersecurity expenditures.
- Enhance international collaboration on cybersecurity best practices to support expanded global markets for U.S. products. This should include enhanced sharing of research and development goals, standards, and policies that support innovation and economic growth.
- FCC’s CSRIC Offers recommendations to Minimize Cyber Threats
- A gold standard in cyber-defense
- Shutdown derails implementation of cybersecurity order
- The Department of Commerce's Role in Improving Critical Infrastructure Cybersecurity
- Launch of the Cybersecurity Framework
- NIST Releases Preliminary Cybersecurity Framework, Will Seek Comments
- Cybersecurity: Time to Act?
- NIST Trying to Drum Up Cyber Standards Support
- Revised cybersecurity bill introduced
- Collaborative and Cross-Cutting Approaches to Cybersecurity
- Empowering Small Businesses with Online Security Tool
- Incentives to Support Adoption of the Cybersecurity Framework
- Key Cybersecurity Challenges Need to Be Addressed to Improve Research and Development
- Five Pilot Projects Receive Grants to Promote Online Security and Privacy
- Cybersecurity Bill: Vital Need Or Just More Rules?