Cybersecurity

NTIA, on behalf of the Department of Commerce, is requesting comment on actions that can be taken to address automated and distributed threats to the digital ecosystem as part of the activity directed by the President in Executive Order 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.”  Through this Request for Comments, NTIA seeks broad input from all interested stakeholders – including private industry, academia, civil society, and other security experts – on ways to improve industry’s ability to reduce threats perpetuated by automated distribu

Stakeholders involved in NTIA’s cybersecurity multistakeholder process to promote collaboration on vulnerability research disclosure today are releasing initial findings, recommendations, and resources that they hope will enhance cooperation and lead to a more secure digital ecosystem. The three stakeholder-drafted reports reflect the experience and wisdom of many of the key experts in the field, including active security researchers, experienced software companies, security companies, academics, and civil society advocates, as well as industries new to the issue.

Vulnerability disclosure has long been an open, important issue in cybersecurity. Companies need a strategy to deal with flawed software, systems, and configurations -- especially when the issues are first discovered by a third party. Without a strategy, for example, companies sometimes choose to threaten the third party with legal action rather than working together to fix the vulnerability. This need is heightened as more and more organizations become part of the digital economy.

A diverse set of stakeholders participated in this process for more than a year, attending four in-person meetings across the country, and participating in countless conference calls and drafting sessions. On behalf of NTIA, I want to thank them for their hard work and dedication to seeking consensus and increased collaboration on these important cybersecurity issues.