The U.S. Department of Commerce has released a seventy-five-page report titled Cybersecurity, Innovation and the Internet Economy, which recommends that the agency work with private sector industry groups to create a set of voluntary cybersecurity standards.
The report, drafted by the DoC's Internet Policy Task Force, calls for businesses in the information sector and those with a strong technology and Internet focus to create a code of conduct regarding information security best practices.
"A key role for government is to assist industry in developing these voluntary codes of conduct. These codes of conduct should aim to unify various technical standards that currently exist and identify a broad set of responsibilities that industry members can use as a baseline for their own cybersecurity efforts," the report states.
While innovation in the security technologies field should continue to be derived from the private sector, the report states that there is definitely a role for government to play in defining the parameters that enhance information security policies and procedures.
"It is clear that the government should not be in the business of picking technology winners and losers; however, where consensus emerges that a particular standard or practice will markedly improve the Nation's collective security, the government should consider more proactively promoting industry-led efforts and widely accepted standards and practices and calling on entities to implement them," the report continues.
The report lists several leading standards currently in use as a starting point, and the Department of Commerce is seeking input from industry experts as well as the general public regarding the framework for an overarching set of best practices.
"To build those codes of conduct, we really need to start with specific, existing standards and existing best practices. There could be a standard we don't list here that's very close to critical mass," said Ari Schwartz, Internet policy adviser at the DOC's National Institute of Standards and Technology (NIST).The steady increase in cyber threats and data breach events requires that government takes a leadership role in developing an industry-wide platform of security policies and procedures, and the DoC intends the proposed security code of conduct as the next step in the public/private partnership.
"The Internet is again at a crossroads. Protecting security of consumers, businesses and the Internet infrastructure has never been more difficult. Cyber attacks on Internet commerce, vital business sectors and government agencies have grown exponentially," wrote Commerce Secretary Gary Locke in the report's introduction.