Cybersecurity
NTIA’s cybersecurity multistakeholder processes, conducted in an open and transparent manner, contribute to the security of the nation’s Internet architecture. The consensus-based development of market-based cybersecurity solutions and guidance creates a foundation for increasing digital security. Recent processes include:
- Software component transparency -- creating guidance for the use of a “Software Bill of Materials,” which functions as a list of ingredients that make up software components
- Internet of Things security – addressing key aspects of IoT security, including upgradability and patchability of connected devices
- Cybersecurity vulnerability disclosures – increasing collaboration between security researchers and software and system developers and owners
Related content
NTIA Launches Initiative to Improve Software Component Transparency
Most modern software is a creation of existing components, modules, and libraries from the open source and commercial software world. A detailed accounting of components isn’t always available, which can create obstacles when protecting against security risks. This challenge is compounded by the growth in Internet of Things devices, as companies add “smart” features or connectivity without clear visibility into a product’s underlying software components.
To address this problem, NTIA is convening a multistakeholder process to develop greater transparency of software components for better security across the digital ecosystem. While the majority of libraries and components do not have known vulnerabilities, many do, and the sheer quantity of software means that some software products ship with out-of-date components that may never be updated.
Through an open, transparent, and consensus-based process, NTIA will work to identify how software component data can be shared, what practices can be easily and voluntarily adopted, and what policy and market challenges should be addressed by the broad community. This initiative builds on prior work by NTIA stakeholders on IoT cybersecurity best practices. It is also NTIA’s first step in implementing the actions put forward by government and industry stakeholders in the Report to the President on Enhancing Resilience Against Botnets.
Notice of 07/19/18 Meeting of Multistakeholder Process on Promoting Software Component Transparency
NTIA will convene meetings of a multistakeholder process on promoting software component transparency. This Notice announces the first meeting, which is scheduled for July 19, 2018, from 10:00 a.m. to 4:00 p.m. The meeting will be held at the American Institute of Architects, 1735 New York Ave., N.W., Washington, DC 20006. For further information, contact Allan Friedman, National Telecommunications and Information Administration, U.S.