The U.S. Department of Commerce's Internet Policy Task Force recommends the federal agency work with private-sector businesses to establish a set of best practices for cyber-security.
Internet businesses should follow a code of conduct to reduce cyber-attacks and online
fraud, the United States Department of Commerce recommended in a new report.
The code of conduct should be developed jointly by the federal agency and the
private sector.
The Department of Commerce should help organize business groups to establish
voluntary standards and processes while promoting cyber-security best
practices, according to the 75-page "Cybersecurity,
Innovation and the Internet Economy" report released June 8 by the federal
agency's Internet Policy Task Force.
The key role for the government is to assist the industry in developing voluntary
codes of conduct that would unify various technical standards that currently
exist, the report said. The codes of conduct will reflect a "broad set of
responsibilities" that industry members can use as a baseline when trying to define
their own cyber-security requirements.
"The government should not be in the business of picking technology winners and
losers," the report warned. However, the government should "proactively"
promote industry-led efforts and call on organizations to implement "widely
accepted standards and practices" that would "markedly improve" the country's
security stance, the report said.
One of the report's recommendations was that Web-based businesses should deploy
Domain Name System Security Extensions (DNSSEC) on domains hosting key Websites
to prevent Web hijacking. The report also recommended improved methods for user
authentication.
The Commerce Department will put the report out for public comment to solicit
information on a number of questions, such as what standards the sector should
embrace.
"By increasing the adoption of standards and best practices, we are working with
the private sector to promote innovation and business growth, while at the same
time better protecting companies and consumers from hackers and cyber-theft,"
said Commerce Secretary Gary Locke.
The federal government should support research to automate cyber-security, create
incentives for businesses that follow cyber-security standards and increase
cyber-security education programs, the report recommended. The incentives will
encourage businesses to make the necessary expenditures to improve security. An
example of an incentive may be imposing less legal liability on companies that
use best practices but still get hacked, the report suggested.
Security accounted for about 14 percent of the information technology budgets for North
American and European companies in 2010, according to a recent analysis by
Forrester.
Online transactions total about $10 trillion globally each year, and there were an
estimated 55,000 new viruses, worms, spyware and other active threats daily,
according to the Commerce Department report.
"Our economy depends on the ability of companies to provide trusted, secure services
online. As new cyber-security threats evolve, it's critical that we develop
policies that better protect businesses and their customers to ensure the
Internet remains an engine for economic growth," Locke said.
The Commerce report covers businesses that do not qualify as "critical
infrastructure" such as online retailers and social networking sites. The
department classifies this sector as "Internet and information innovation," or
businesses with a large Internet or technology focus. The White House has
previously issued its guidelines on how cyber-security for critical
infrastructure should be regulated by the Department of Homeland Security.
"We're pleased that the [Obama] administration recognizes that many Internet-based
functions and services that consumers use every day should not be defined as
part of the 'critical infrastructure' that is subject to a more prescriptive
regulatory regime," said Leslie Harris, president of the Center for
Democracy and Technology, a digital liberties and privacy group.
"Today's recommendations will help foster innovation and dynamism in the face of
evolving cyber-security threats," said Robert Holleyman, president and CEO of
the Business Software Alliance, representing the entire software industry.