Cybersecurity
NTIA’s cybersecurity multistakeholder processes, conducted in an open and transparent manner, contribute to the security of the nation’s Internet architecture. The consensus-based development of market-based cybersecurity solutions and guidance creates a foundation for increasing digital security. Recent processes include:
- Software component transparency -- creating guidance for the use of a “Software Bill of Materials,” which functions as a list of ingredients that make up software components
- Internet of Things security – addressing key aspects of IoT security, including upgradability and patchability of connected devices
- Cybersecurity vulnerability disclosures – increasing collaboration between security researchers and software and system developers and owners
Related content
Progress Report in the Fight Against Botnet Attacks
The Trump administration has made substantial progress in improving the resilience of the Internet ecosystem and reducing the threat of botnets. In a report released today, the Departments of Commerce and Homeland Security documented more than 50 activities led by industry and government that demonstrate progress in the drive to counter botnet threats. Building upon work started two years ago with the Botnet Report and Road Map, industry and government are working hard to put a stop to these dangerous attacks.
Here are a few of the milestone achievements:
NTIA Announces Supply Chain Information-Sharing Program
Today, NTIA is announcing the establishment of the Communications Supply Chain Risk Information Partnership (C-SCRIP), a program to share supply chain security risk information with trusted communications providers and suppliers.
Small and rural communications providers and equipment suppliers are the primary focus of this program, and our goal is to improve their access to information about risks to key elements in their supply chain. NTIA will ensure that this risk information is relevant and accessible, and we will work with our government partners to enable the granting of security clearances when necessary.
The C-SCRIP program was called for in the Secure and Trusted Communications Networks Act of 2019, which President Trump signed into law on March 12, 2020. The Act established a Federal Communications Commission program to reimburse smaller providers for removing and replacing equipment and services that threaten national security. This information sharing program, mandated by Section 8 of the Act, was intended to ensure that small, rural providers have access to the supply chain risk information they need before they make an investment, which should help mitigate further “rip and replace” programs in the future.
Notice of 07/09/2020 Multistakeholder Process on Promoting Software Component Transparency Meeting
NTIA) will convene a virtual meeting of a multistakeholder process on promoting software component transparency on July 9, 2020, from 12:00 p.m. to 4:00 p.m., Eastern Time. The meeting will be held virtually, with online slide share and dial-in information to be posted at https://www.ntia.doc.gov/SoftwareTransparency.