 |
Cybertelecom Federal Internet Law & Policy An Educational Project |
|
National Telecommunications and Information Administration (NTIA) | |
|
Cybersecurity - Agencies - - White House - - DHS - - NIST - - NTIA - - FCC - Reference - Cryptography Crimes Against Network - Worms, Viruses, Attacks - Hackers - DOS - WiFi Security - Cyberwar - Network Reliability - Infrastructure Protection - - Kill Switch Crimes Over Network - CyberStalking - Fraud - - Auctions - - Phishing - Gambling - ID Theft - Offensive Words Info Gathering - Wiretaps - CALEA - ECPA - FISA - Forensics - Carnivore - Patriot Act - Data Retention - Safe Web Act Emergency - EAS - Assessment - Reliability - Vulnerabilities |
The National Telecommunications and Information Administration is a part of the Department of Commerce. It is the Administration's policy office for communications. While covering similar jurisdiction as the Federal Communications Commission, the FCC is an independent agency and NTIA serves the President. Generally, the FCC is also an operational agency of a few thousand staff where NTIA is a policy office with a small staff.
DOC NOI Incentives To Adopt Improved Cybersecurity Practices March 28, 2013
"The President has directed the Secretary of Commerce to evaluate a set of incentives designed to promote participation in a voluntary program to be established by the Secretary of Homeland Security to support the adoption by owners and operators of critical infrastructure and other interested entities of the Cybersecurity Framework being developed by the National Institute of Standards and Technology (NIST). The evaluation will include analysis of the benefits and relative effectiveness of such incentives, and whether the incentives would require legislation or can be provided under existing law and authorities to participants in the Program. The Department of Commerce (Department) will use input received in response to this Notice to inform its recommendations, which will focus on incentives for critical infrastructure owners. In addition, the Department may use this input to develop a broader set of recommendations that apply to U.S. industry as a whole.
- NTIA, Comments on Incentives To Adopt Improved Cybersecurity Practices NOI (Apr. 29, 2013)
- Discussion of Recommendations to the President on Incentives for Critical Infrastructure Owners and Operators to Join a Voluntary Cybersecurity Program, NTIA (2013)
Department of Commerce Press Release: Commerce Department Proposes New Policy Framework to Strengthen Cybersecurity Protections for Businesses Online
Green Paper: Cybersecurity, Innovation and the Internet Economy (PDF file) Posted June 8, 2011
The U.S. Department of Commerce today released a report that proposes voluntary codes of conduct to strengthen the cybersecurity of companies that increasingly rely on the Internet to do business, but are not part of the critical infrastructure sector. The report, Cybersecurity, Innovation and the Internet Economy , focuses on the "Internet and Information Innovation Sector" (I3S) - these are businesses that range from small and medium enterprises and bricks-and-mortar firms with online services, to social networking sites and Internet-only business, to cloud computing firms that are increasingly subject to cyber attacks.
"Our economy depends on the ability of companies to provide trusted, secure services online. As new cybersecurity threats evolve, it's critical that we develop policies that better protect businesses and their customers to ensure the Internet remains an engine for economic growth," said Commerce Secretary Gary Locke. "By increasing the adoption of standards and best practices, we are working with the private sector to promote innovation and business growth, while at the same time better protecting companies and consumers from hackers and cyber theft."Today's report, based on extensive public input, addresses the growing economic importance of strengthening cybersecurity protection and preserving consumer trust in the Internet. Global online transactions are currently estimated by industry analysts at $10 trillion annually. As Internet business grows, so has the threat of cybersecurity attacks. The number of Internet malware threats was estimated to have doubled between January 2009 and December 2010. In 2010, an estimated 55,000 new viruses, worms, spyware and other threats were bombarding the Internet daily.
The report, developed by the Department's Internet Policy Task Force, makes a number of specific recommendations for reducing I3S vulnerabilities:
- Establish nationally recognized but voluntary codes of conduct to minimize cybersecurity vulnerabilities. For example, the report recommends that businesses employ present-day best practices, such as automated security, to combat cybersecurity threats and that they implement the Domain Name System Security (DNSSEC) protocol extensions on the domains that host key Web sites. DNSSEC provides a way to ensure that users are validly delivered to the web addresses they request and are not hijacked.
- Developing incentives to combat cybersecurity threats. The report also recommends exploring and identifying incentives that could include reducing "cyberinsurance" premiums for companies that adopt best practices and openly share details about cyberattacks for the benefit of other businesses.
- Improve public understanding of cybersecurity vulnerabilities through education and research . Programs like the National Initiative for Cybersecurity Education should target awareness and training to the I3S and develop methods for cost/benefit analyses for cybersecurity expenditures.
- Enhance international collaboration on cybersecurity best practices to support expanded global markets for U.S. products. This should include enhanced sharing of research and development goals, standards, and policies that support innovation and economic growth.
This report follows a series of recent Internet security policy recommendations made by the Obama administration. In April, the Administration released the National Strategy for Trusted Identities in Cyberspace, which seeks to better protect consumers from fraud and identity theft. Last month, the Administration proposed legislation to require companies providing critical infrastructure services, such as the financial and energy sectors, to implement stronger cybersecurity practices ( fact sheet ). In addition, the Administration recently released a strategy for managing international issues in cyberspace.
The Commerce Department launched the Internet Policy Task Force in April 2010 to identify and address the Internet's most pressing policy issues and to recommend new policies. The Task Force was directed to look at establishing practices, norms and ground rules that promote innovative uses of information in four key areas where the Internet must address significant challenges: enhancing Internet privacy; improving cybersecurity; protecting intellectual property and encouraging the global free flow of information.
In order to gather additional stakeholder input and refine the report's preliminary recommendations, the Commerce Department will seek public comment and publish questions from the report in a Federal Register notice later this week. The Commerce Department's Internet Policy Task Force will also continue to work with others in government to engage the domestic and global privacy community, and will consider publishing a refined set of policy recommendations in the future.
The full report, including questions seeking additional stakeholder input, can be found here .
Files
Cybersecurity, Innovation and the Internet Economy Green Paper