Cybersecurity
NTIA’s cybersecurity multistakeholder processes, conducted in an open and transparent manner, contribute to the security of the nation’s Internet architecture. The consensus-based development of market-based cybersecurity solutions and guidance creates a foundation for increasing digital security. Recent processes include:
- Software component transparency -- creating guidance for the use of a “Software Bill of Materials,” which functions as a list of ingredients that make up software components
- Internet of Things security – addressing key aspects of IoT security, including upgradability and patchability of connected devices
- Cybersecurity vulnerability disclosures – increasing collaboration between security researchers and software and system developers and owners
Related content
Request for Comment on Stakeholder Engagement on Cybersecurity in the Digital Ecosystem
The Department of Commerce Internet Policy Task Force (IPTF) is requesting comment to identify substantive cybersecurity issues that affect the digital ecosystem and digital economic growth where broad consensus, coordinated action, and the development of best practices could substantially improve security for organizations and consumers. The IPTF invites public comment on these issues from all stakeholders with an interest in cybersecurity, including the commercial, academic and civil society sectors, and from relevant federal, state, local, and tribal entities.
Internet Policy Task Force Seeks Comment on Multistakeholder Process Addressing Key Cybersecurity Issues
WASHINGTON – The U.S. Commerce Department’s Internet Policy Task Force (IPTF) announced today it is seeking public input on potential topics addressing key cybersecurity issues facing the digital economy that could be best addressed by a consensus-based multistakeholder process.
Discussion and Recommendations to the President on Incentives for Critical Infrastructure Owners and Operators to Join a Voluntary Cybersecurity Program
On February 12, 2013, the President issued Executive Order 13636, stating that the “cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront.” The Executive Order sets out a number of steps to address this problem, including calling on the Department of Commerce’s National Institute of Standards and Technology to develop a Cybersecurity Framework and the Department of Homeland Security to build a voluntary program “to support the adoption of the Cybersecurity Framework by owners and operators of critical infrastructure and any other interested entities. . .” The Program could include guidance on how to implement the Framework in specific sectors, as well as incentives for companies to align their cybersecurity practices, with the practices and standards specified in the Framework. The President requires DHS, the Department of Commerce, and the Department of Treasury to draft separate reports on incentives to join the Program. The following recommendations are Commerce’s contribution to this analysis of incentives.