Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Tech Firms Form Coalition for Cybersecurity Policy

A group of cybersecurity and enterprise technology firms have formed a new organization focused on helping policymakers create “consensus-driven” policy solutions.

A group of cybersecurity and enterprise technology firms have formed a new organization focused on helping policymakers create “consensus-driven” policy solutions.

The new Coalition for Cybersecurity Policy and Law was founded by seven tech industry companies, namely Arbor Networks, Cisco, Intel, Microsoft, Oracle, Rapid7, and Symantec.

With the legislative and regulatory policies related to cybersecurity becoming more complex, the Coalition’s goal is to focus on educating policymakers and collaborating on complicated policies.

The Coalition said it will also work toward bringing together companies to create policy solutions that promote a “vibrant and robust cybersecurity marketplace,” support the development and adoption of cybersecurity innovations, and encourage organizations of all sizes to take steps to improve their cybersecurity.

Additionally, the organization said would promote the interests of the cybersecurity industry in Congress, federal agencies, international standards bodies, industry self-regulatory programs, and other relevant policymaking venues.

Some of the main areas of interest for the Coalition include promoting responsible vulnerability research and disclosure, along with effective privacy processes within cybersecurity policy, as well as establishing government requirements for agency systems. It will also focus on increasing information sharing and threat intelligence and on promoting sound cybersecurity practices in government at all levels.

The Coalition has already taken the first step into establishing its presence on the cybersecurity scene by submitting comments to the National Institute of Standards and Technology (NIST) in response to the agency’s Request for Information on the Framework for Improving Critical Infrastructure Cybersecurity.

The organization believes that the Framework is a flexible, adaptive construct for the protection of critical infrastructure in the United States, that it is purely voluntary, and that it critical infrastructure industries have already substantially accepted and adopted it. The Coalition also urges NIST to look into the specific issues that would raise from spinning-off the governing responsibility to a third-party non-profit and suggests that NIST would hold feedback meetings at an international location.

Advertisement. Scroll to continue reading.

The organization encourages NIST to continue working on more complete standards for the authentication of individuals and automated devices and proposes a starting point for consideration of supply chain vulnerabilities in the Framework. The Coalition also expressed a series of concerns over the difficulty in distinguishing between different Implementation Tiers in the Framework.

The Coalition has appointed Ari Schwartz, Managing Director of Cybersecurity Services for Venable LLP, as its Coordinator. He is a former member of the White House National Security Council, where he served as Special Assistant to the President and Senior Director for Cybersecurity and led the rollout of the Cybersecurity Framework. Prior to the White House, he led the Department of Commerce’s Internet Policy Task Force.

“The members of this Coalition are dedicated to building our nation’s public and private cybersecurity infrastructure, and their insight and engagement must play a vital role in the decisions being made by our government on cybersecurity policy. The range of digital threats we face has never been greater, including criminal syndicates and state-sponsored attacks, and this Coalition will serve as the voice of the industry as we work with policymakers to develop the most effective responses to those threats,” Schwartz said.

Following numerous terrorist attacks last year, government agencies requested tech companies would introduce backdoors into their encryption tools and services, to help investigators access the communication of criminals. Many researchers and organizations, including ENISA, already suggested that the inclusion of backdoors into services would weaken security, but the dispute is far from being settled.

In fact Apple’s recent refusal to help the FBI unlock and search an iPhone belonging to the man who shot and killed 14
individuals in San Bernardino in December has sparked a debate on whether backdoors are necessary or not. SecurityWeek’s latest Feedback Friday compiled comments from multiple industry professionals, presenting good arguments on both sides: tech companies that sided with Apple, and politicians who support the FBI’s request.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem