By:
Kathryn Basinsky, Telecommunication Policy Specialist, Office of Policy Analysis and Development,
Ona Spreenberg, Telecommunication Policy Specialist, Office of Policy Analysis and Development
Maureen Russell, Team Lead, Cyber Security Policy, Office of Policy Analysis and Development
As part of this year’s Cybersecurity Awareness Month, we at NTIA are taking a moment to reflect on our collective achievements and the crucial work that lies ahead of us to ensure that the Internet remains open, free, and secure. Promoting and preserving the digital ecosystem is a core mission of the Department of Commerce, and that ecosystem’s security and resiliency are vital. NTIA has been at the forefront of this mission, working to improve Internet resilience and securing the Information and Communications Technology (ICT) supply chains.
You may remember some of NTIA’s big cybersecurity initiatives, such as the 2018 Report to the President on Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats. This report, directed by Executive Order 13800, and its 2020 Status Update, laid out five goals for the Federal government and more than 20 suggested actions for all stakeholders to improve the resilience of the Internet ecosystem. While the threat of DDoS attacks has not disappeared, the report led to significant improvements.
And of course, there’s our now-concluded multistakeholder process on software component transparency. The stakeholders formulated and established a software bill of materials (SBOM), a key tool to help create a more transparent and secure software supply chain. The important work of this group was recognized in Executive Order 14028, in which the White House directed NTIA to publish the Minimum Elements of an SBOM. The resulting report built on the then-ongoing work of NTIA’s SBOM multistakeholder process. While NTIA no longer facilitates these discussions, we continue to promote SBOM in our cybersecurity and supply chain work.
NTIA is now at work on many other cybersecurity initiatives. We were active participants in the drafting of the National Cybersecurity Strategy and National Implementation Plan, working to ensure that the equities of a broad group of stakeholders were incorporated into a whole-of-government approach. Separately, NTIA is specifically charged with catalyzing the development and adoption of open, interoperable, and standards-based networks through the Public Wireless Supply Chain Innovation Fund.
We are also collaborating with government and industry partners to enhance Internet routing security. This old problem took on greater importance after the Russian invasion of Ukraine. Since then, NTIA has advocated for robust collaboration between the public and private sectors to identify security challenges, develop and drive adoption of security measures, and support research and development for future solutions.
In addition, pursuant to the Secure and Trusted Communications Networks Act of 2019, NTIA runs an information sharing program – the Communications Supply Chain Risk Information Partnership (C-SCRIP). Our goal is to improve small and rural communications providers’ and equipment suppliers’ access to information about risks to key elements in their supply chain, including cyber risks. Our staff works closely with other government partners to ensure that cybersecurity risk information is communicated quickly to stakeholders so they can take action to invest in and defend their networks.
Finally, NTIA is tackling one of the newest cybersecurity challenges, artificial intelligence. This spring, we embarked on a new initiative to gather input and inform policymakers and other stakeholders about what steps might help to ensure these systems are safe, effective, responsible, and lawful. As the President’s principal advisor on information technology and telecommunications matters, NTIA will help develop the policies necessary to verify that AI systems work as they claim – and without causing harm. Our initiative will help build an ecosystem of AI audits, assessments, certifications, and other policies to support AI system assurance and create earned trust.
NTIA’s work on cybersecurity supports, and is supported by, its decades-long focus on the development of an open and robust Internet. To prevent future vulnerabilities in the communications supply chain, NTIA will continue to engage Federal, state, local, and tribal entities, and public and private owners and operators of critical telecommunications infrastructure.
The cybersecurity challenges we are encountering today are both complex and demanding, requiring innovative and thoughtful solutions. At NTIA, we remain committed to developing, analyzing, and advocating for public policies that secure and address vulnerabilities in the critical telecommunications sector while advancing other critical objectives. For more information on how the Department as a whole tackles cybersecurity see “Commerce at the Forefront in Improving Nation's Cybersecurity.”