Department of Commerce calls for voluntary cyber security standards

June 21, 2011
FedCyber Wire
No Comment

via Association of Corporate Counsel

On June 8, the Department of Commerce’s Internet Policy Task Force released its cyber security Green Paper identifying some preliminary recommendations for moving forward with a comprehensive cyber security policy for private industry.

The Green Paper is a second iteration of recommendations on the Internet and Information Innovation Sector (“I3S”) after an initial round of comments last year. The private companies comprising the I3S are not considered critical infrastructure and include both Internet and non-Internet companies that use the Web to conduct business. Members of I3S may provide general retail websites, information services, create Web content, facilitate transactional services, store and host publicly accessible content and/or support access to content (i.e., engine providers, application and browser developers and social networks). This broad definition seemingly applies to almost every business that utilizes the Internet, even those within critical infrastructure that have hybrid essential and non-essential facilities. Yet, while the definition applies to a very broad swath of the economy-essentially any business that uses a network, website, or manages an online business-the majority of the commenters were information technology companies.

The Green Paper focuses on four major areas:

  1. Create a nationally recognized approach to minimize vulnerabilities for the I3S
  2. Develop incentives for I3S to combat cyber security threats
  3. Promote cyber security education and research that will protect the I3S
  4. Facilitate international cooperation

The Green Paper makes no firm conclusions or policy statements, but largely summarizes comments received from the private sector on an earlier Notice of Inquiry. In doing so, the Green Paper proposes development of a voluntary cyber security code of conduct for I3S companies. Commerce’s Task Force will formally seek answers to these comments in a Federal Register notice, and we will update you with a “comments deadline” once it is released.

Continued here.