SIIA submits comments on Cybersecurity, Innovation and the Internet Economy

In our continuing effort to maintain and expand the partnership between the private sector and the government to address our nation’s cybersecurity challenges, SIIA submitted comments to the Department of Commerce on Monday in response to their recent Green Paper on Cybersecurity, Innovation and the Internet Economy.

At the heart of the Green Paper is an effort to help define the roles of the Government and the private sector in combating cybersecurity threats and protecting the systems and networks that support the infrastructure that drives the nation’s economy. In our comments, SIIA offered strong support for the Department’s approach of looking toward voluntary codes of conduct for an innovative sector such as the Internet and Information Innovation Sector (I3S). We noted that the most critical element of achieving these goals is to resist an approach that is overly prescriptive, where mandates would have the adverse effect of slowing the development of standards in the private sector, or the unintended effect of putting U.S. companies at a disadvantage to their counterparts around the world. Given the broad, rapidly evolving cross-section of industry that comprises the I3S, a flexible industry-led approach, rather than a regulatory model, is the best path forward to achieve an ideal security framework.

SIIA also noted that while the primary purpose of the Green Paper is to discuss an area that is outside of the critical infrastructure segment, and to bolster security in this area, this exercise can also help to appropriately define the critical framework of what is “covered critical infrastructure,” and it can help to avoid confusion and appropriately allocate resources where they are most needed.


SIIA sends cybersecurity recommendations to Administration

As the Administration completes its review of the legislative proposals to improve the security of federal and critical information infrastructure, SIIA pushed for a robust partnership between the private sector and the government in a letter to officials today.

The Administration’s legislative recommendations on cybersecurity will be released shortly and are expected to provide impetus to the legislative process on the issue in Congress. Sens. Lieberman and Collins have reintroduced their cybersecurity bill, and it will likely be combined with a similar bill from Sens. Rockefeller and Snowe, with the possible outcome of a combined legislative vehicle on the part of Senate Majority Leader Reid.

SIIA’s letter features six recommendations that would help the government keep pace with the ever-evolving challenges of protecting the nation’s online systems, networks and data. Here are the recommendations:

Public Private Partnership

The private sector is on the frontlines of active security defense for our nation’s critical infrastructure since the majority is owned, operated, and maintained by industry. Therefore, a robust partnership between the public and private sectors is vital. Government should collaborate with industry to develop reasonable security practices and find technology solutions that ensure our nation’s security.

Risk-Based Security

No set of precautions can ensure absolute security. Reasonable cybersecurity measures must address threats based on the importance of the networks and systems involved and the nature of the threat they face. For this reason, government should address risks to systems and networks that are part of our nation’s critical infrastructure differently from its approach to risks to systems and networks that are not part of our critical infrastructure. To ensure predictability and transparency for the private-sector companies that manage these systems and networks, government should provide a clear, public and consistent boundary between critical and non-critical infrastructure. Further, critical infrastructure should be narrowly defined to include only the systems and networks of the utmost importance to national security.

Layered Security

Experts regard a layered approach to security as the best practice. Security in depth minimizes the chances that any single point of failure will result in the leak of information or the compromise of a system. Elements of a layered approach to security include protection at the data/document level, the application and OS levels, and finally at the network/perimeter level. Government should adopt layered security for its own use, and encourage its adoption by the private sector through voluntary means.

International Coordination

Security threats are global. Adequate countermeasures can be developed only through global cooperation among governments and industry. For this reason, government and the private sector should cooperate to establish, maintain, and upgrade internationally accepted security standards. In particular, government should look to the Common Criteria to ensure that technology products exhibit security. For supply chain requirements, governments should adhere to public, internationally accepted standards which are audited pursuant to international standards.

Security Incentives

Strong market incentives already exist within the marketplace to promote increased innovation within the constantly evolving cybersecurity landscape. To the extent that government and the private sector agree that the needed level of security goes beyond that for which a business case can be made, government should provide incentives such as confidentiality, liability protection, and tax incentives that lead the private sector to implement desired security measures. The government should not mandate specific measures that need to be adopted by the private sector. Specific mandates generally do not adapt with the changing threat and technology landscape, potentially becoming a hindrance to security advancement later on.

Innovation

Cybersecurity is a dynamic and evolving field that must respond to the rapidly changing, innovative nature of the information technology sector itself. For that reason, government should provide resources, support, and guidance for research and development in this field and use its role as a convener to encourage multi-stakeholder cooperation and information sharing.

The week’s top 5 IP policy headlines

1. Senator Kohl Introduces Economic Espionage Bill to Protect U.S. Business from IP Theft (Milwaukee Business Journal)
Senator Kohl has introduced the “Economic Espionage Penalty Enhancement Act of 2011,” co-sponsored by Senators Whitehouse and Coons. The bill would increase the maximum penalty range for economic espionage from 15 to 20 years and direct the U.S. Sentencing Commission to increase the penalty ranges for these types of offenses.

2. Differences Remain Over House Patent Reform Bill (BroadbandBreakfast.com)
The America Invents Act introduced in the House remains a source of deep division between technology companies large and small.

3. U.S. Lawmakers Renew Push for “Rogue Websites” Bill (Reuters)
A bipartisan group of lawmakers from both chambers of Congress vows to pass legislation that would give the Justice Department new authority to pursue foreign and domestic websites selling pirated movies, music, and counterfeit goods.

4. House Energy and Commerce Members Request Information from Google About Anti-Piracy Initiative (PDF)
House Energy and Commerce members Walden, Bono Mack, Terry, Blackburn and Weiner sent a letter to Google’s CEO, Larry Page, seeking specific information about how Google plans to implement the proactive steps to help protect copyrighted works online that Google announced in December.

5. Anti-Piracy Caucus Sends Letter to Ad Council Requesting Action Against Rogue Websites (PDF)
Anti-piracy Caucus chairmen Senators Whitehouse and Hatch, and Representatives Goodlatte and Schiff sent a letter to the Ad Council raising concerns about the appearance of the Ad Council logo on various rogue websites and urging the Ad Council to take steps to ensure its logo is removed from such sites and to develop an advertising campaign to combat digital theft of works online.

Mark MacCarthy sits down with 5 Qs on Tech

Rob Haralson of 5 Qs on Tech stopped by our DC office to interview Mark MacCarthy, SIIA’s new Public Policy VP. They sat down to chat about SIIA’s views on IP protection, cloud computing, ed-tech, privacy and cybersecurity. Check out the video–and stick around until the end to hear the story about Mark’s unusual first encounters with email!