Cybersecurity

NTIA’s cybersecurity multistakeholder processes, conducted in an open and transparent manner, contribute to the security of the nation’s Internet architecture. The consensus-based development of market-based cybersecurity solutions and guidance creates a foundation for increasing digital security. Recent processes include:

Software component transparency -- creating guidance for the use of a “Software Bill of Materials,” which functions as a list of ingredients that make up software components
Internet of Things security – addressing key aspects of IoT security, including upgradability and patchability of connected devices
Cybersecurity vulnerability disclosures – increasing collaboration between security researchers and software and system developers and owners

Testimony of Acting Assistant Secretary Rinaldo on Supply Chain Security, Global Competitiveness, and 5G

Chairman Johnson, Ranking Member Peters, and Members of the Committee, thank you for this opportunity to testify today on Supply Chain Security, Global Competitiveness, and 5G. During a time when an ever-changing landscape of services, technologies, and global industries are seeking to shape the development and deployment of 5G networks, NTIA collaborates with other Commerce bureaus and Executive Branch agencies to develop and advocate for domestic and international policies that preserve the open Internet and advance key U.S. interests.

Read more about Testimony of Acting Assistant Secretary Rinaldo on Supply Chain Security, Global Competitiveness, and 5G

Notice of 11/18/2019 Multistakeholder Process on Promoting Software Component Transparency Meeting

October 22, 2019

NTIA will convene a meeting of a multistakeholder process on promoting software component transparency on November 18, 2019 from 10:00 a.m. to 4:00 p.m., Eastern Time. The meeting will be held at the American Institute of Architects, 1735 New York Ave. NW, Washington, DC 20006. For further information contact Allan Friedman, National Telecommunications and Information Administration, U.S.

Topics

Internet Policy

Internet Policy Task Force

Cybersecurity

Internet of Things

Moving Toward a More Transparent Software Supply Chain

September 30, 2019

Earlier this month, NTIA convened the latest in a series of multistakeholder meetings on software component transparency. For more than a year, stakeholders have been exploring this issue through four working groups established during the July 2018 kickoff meeting. The broader community meets periodically to share progress and encourage feedback through in-person and virtual meetings.

Most modern software is not written completely from scratch, but includes existing components, modules, and libraries from the open source and commercial software world. Modern development practices such as code reuse, and a dynamic IT marketplace with acquisitions and mergers, make it challenging to track the use of software components.

The Internet of Things and the emergence of Cyber-Physical Systems, which integrate computation, networking, and physical processes, compound this phenomenon, as new organizations, enterprises and innovators take on the role of software developer to add “smart” features or connectivity to their products. Although the majority of libraries and components do not have known vulnerabilities, the sheer quantity of software means that some software products ship with vulnerable or out-of-date components.

Topics

Internet Policy

Internet Policy Task Force

Cybersecurity

Subscribe to Cybersecurity RSS feed