Cybersecurity
NTIA’s cybersecurity multistakeholder processes, conducted in an open and transparent manner, contribute to the security of the nation’s Internet architecture. The consensus-based development of market-based cybersecurity solutions and guidance creates a foundation for increasing digital security. Recent processes include:
- Software component transparency -- creating guidance for the use of a “Software Bill of Materials,” which functions as a list of ingredients that make up software components
- Internet of Things security – addressing key aspects of IoT security, including upgradability and patchability of connected devices
- Cybersecurity vulnerability disclosures – increasing collaboration between security researchers and software and system developers and owners
Related content
12/9/2016 Meeting on Developing the Digital Marketplace for Copyrighted Works
The Department of Commerce’s Internet Policy Task Force will be holding a public meeting on December 9, 2016, from 8:30 a.m. to 4:00 p.m. ET on Developing the Digital Marketplace for Copyrighted Works. The meeting will be held at the U.S. Patent and Trademark Office: 600 Dulany Street, Alexandria, VA 22314.
Notice of 11/07/2016 Meeting of Multistakeholder Process to Promote Collaboration on Vulnerability Research Disclosure
NTIA will convene a meeting of a multistakeholder process concerning the collaboration between security researchers and software and system developers and owners to address security vulnerability disclosure on November 7, 2016, from 12:00 p.m. to 4:00 p.m., Eastern Time. The meeting will be held at the American Institute of Architects, 1735 New York Ave., NW, Washington, DC 20006.
Increasing the Potential of IoT through Security and Transparency
The Internet of Things (IoT) offers a wide range of consumer benefits – from the ability to control your thermostat or light fixtures through a smartphone, to an Internet-connected home security system, to wearables such as Internet-connected fitness bands and watches and beyond. To help realize the full innovative potential of IoT, users need reasonable assurance that IoT devices and applications will be secure.
One particular area of concern is whether and how to address potential security vulnerabilities in IoT devices or applications through patching and security upgrades. In the early IoT market, there has sometimes been limited consideration for supporting future security patches, even though many devices will eventually need them. Enabling a thriving market for devices that support security upgrades requires common definitions so consumers know what they are getting.
Currently, no such common, widely accepted definitions exist, and manufacturers can struggle to effectively communicate to consumers the security features of their devices. This is detrimental to the digital ecosystem as a whole, as it does not reward companies that invest in patching and it prevents consumers from making informed purchasing choices.