- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
IDG News Service - The U.S. Department of Commerce should work with Internet business groups to establish voluntary codes of conduct and standards to protect against cyberattacks, a new report from the agency recommended.
The agency should help organize business groups to establish standards-setting processes, and it should promote cybersecurity best practices, said the 75-page report, released Wednesday by the agency's Internet Policy Task Force. The report's recommendations are aimed at what the DOC calls the Internet and information innovation sector, businesses with a large Internet or technology focus.
CYBERSECURITY PRACTICES: Trust, respect and personal datastores
"A key role for government is to assist industry in developing these voluntary codes of conduct," the report said. "These codes of conduct should aim to unify various technical standards that currently exist and identify a broad set of responsibilities that industry members can use as a baseline for their own cybersecurity efforts."
Many companies have called for the U.S. government to allow private companies to continue to develop security tools, but there is a role for the government in promoting best practices, the report said.
"It is clear that the government should not be in the business of picking technology winners and losers; however, where consensus emerges that a particular standard or practice will markedly improve the Nation's collective security, the government should consider more proactively promoting industry-led efforts and widely accepted standards and practices and calling on entities to implement them," the report said.
The agency will next put the report out for public comment, said Ari Schwartz, Internet policy adviser at the DOC's National Institute of Standards and Technology (NIST). The DOC asks for comment on a number of questions, including what standards the Internet sector should embrace, he said.
"To build those codes of conduct, we really need to start with specific, existing standards and existing best practices," he said. "There could be a standard we don't list here that's very close to critical mass."
For example, the report recommends that Web-based businesses deploy Domain Name System Security (DNSSEC) protocol extensions on the domains that host key websites. The report mentions several other security technologies and protocols.
The report is important because the U.S. government needs to take a "fresh look" at Internet policy and cybersecurity, Commerce Secretary Gary Locke wrote in the report's introduction.
"The Internet is again at a crossroads," Locke wrote. "Protecting security of consumers, businesses and the Internet infrastructure has never been more difficult. Cyber attacks on Internet commerce, vital business sectors and government agencies have grown exponentially."
The U.S. government should also support research to automate cybersecurity functions and should focus on creating incentives, including insurance and liability protection, for businesses that follow cybersecurity standards, the report recommended.