Coalition for Cyber Security Policy

Wednesday, February 24, 2016 @ 01:02 PM gHale

A group of cyber security and enterprise technology companies formed an organization to aid policymakers in creating “consensus-driven” policy solutions.

The new Coalition for Cybersecurity Policy and Law, founded by seven tech industry companies, Arbor Networks, Cisco, Intel, Microsoft, Oracle, Rapid7, and Symantec, wants to help legislators simplify the increasingly complex nature of securing critical infrastructure.

Security Framework Grows in Usage
IoT Security Firm Win DHS Grant
Cyber Security Center Opens
Data Framework: EU-U.S. Privacy Shield

The Coalition wants to lock in on educating policymakers and collaborate on complicated policies.

The Coalition said it will also work toward bringing together companies to create policy solutions that promote a “vibrant and robust cyber security marketplace,” support the development and adoption of cyber security innovations, and encourage organizations of all sizes to take steps to improve their cyber security.

Additionally, the organization said it would promote the interests of the cyber security industry in Congress, federal agencies, international standards bodies, industry self-regulatory programs, and other relevant policymaking venues.

Some of the main areas of interest for the Coalition include promoting responsible vulnerability research and disclosure, along with effective privacy processes within cyber security policy, as well as establishing government requirements for agency systems. It will also focus on increasing information sharing and threat intelligence and on promoting sound cyber security practices in government at all levels.

The Coalition has already taken the first step into establishing its presence on the cyber security scene by submitting comments to the National Institute of Standards and Technology (NIST) in response to the agency’s Request for Information on the Framework for Improving Critical Infrastructure Cybersecurity.

The organization believes the Framework is a flexible, adaptive document for the protection of critical infrastructure in the United States, it is purely voluntary, and critical infrastructure industries have already substantially accepted and adopted it. The Coalition also urges NIST to look into the specific issues that could arise from spinning-off the governing responsibility to a third-party non-profit and suggests NIST hold feedback meetings at an international location.

The organization encourages NIST to continue working on more complete standards for the authentication of individuals and automated devices and proposes a starting point for consideration of supply chain vulnerabilities in the Framework.

The Coalition also expressed a series of concerns over the difficulty in distinguishing between different Implementation Tiers in the Framework.

The Coalition has appointed Ari Schwartz, managing director of cybersecurity services for Venable LLP, as its coordinator. He is a former member of the White House National Security Council, where he served as Special Assistant to the President and Senior Director for Cybersecurity and led the rollout of the Cybersecurity Framework. Prior to the White House, he led the Department of Commerce’s Internet Policy Task Force.