The Commerce Department's Internet Policy Task Force is seeking public comment on its comprehensive review of the nexus between cybersecurity and innovation in the Internet economy, according to a notice published Wednesday in The Federal Register.
Specifically, Commerce is requesting comment on a report it released last week called Cybersecurity, Innovation and the Internet Economy. In the notice, the agency said it "hopes to spur further discussion with Internet stakeholders that will lead to the development of a series of Administration positions that will help develop an action plan in this important area."
Commerce aims to better understand how to approach cybersecurity in the "Internet and Information Innovation Sector," I3S, which does the following:
- Provides information services and content;
- Facilitates a wide variety of transactional services available through the Internet as an intermediary;
- Stores and hosts publicly accessible content; and
- Supports users' access to content or transaction activities, including, but not limited to, applications, browsers, social networks, and search providers.
These are companies that do not traditionally fall into the covered critical infrastructure sectors that are the focus of many cybersecurity efforts but do have significant security concerns.
The NOI poses 47 questions. The list is thorough, touching on issues such as codes of conduct, best practices, liability, buying power, and incentives, among others, for improving the I3S cybersecurity posture.
Noticeably missing, however, is a question on or discussion of what I3S and other innovative entities should be doing to "bake" cybersecurity into the development and implementation process. The questions seem overly limited to the current approach of promoting innovation and fixing security later, which will always mean we are trying to catch up on cybersecurity.
There are some questions regarding research and development, but it is not clear if those are designed to address cybersecurity R&D for existing systems or for building stronger systems and services to begin with. True innovation in the years to come will only succeed if cybersecurity is considered a part of the innovation and not as an add-on to existing services and technologies.
Jessica Herrera-Flanigan
Jessica R. Herrera-Flanigan is a partner at the Monument Policy Group, where she focuses on the issues affecting our nation’s security, technology, commerce, and entertainment markets. Previously, she served as the Staff Director and General Counsel of the House Committee on Homeland Security. She also has served as Senior Counsel at the Computer Crime & Intellectual Property Section, Criminal Division, U.S. Department of Justice, where she led the Section’s cybercrime investigation team. She was a Member of the CSIS Commission on Cyber Security and is a Member of the ABA Standing Committee on Law & National Security. She currently serves as the Fellow for Cybersecurity at the Center for National Policy.
Continuous Monitoring As a Service: A Shift in the Way Government Does Business
Research Report: Powering Continuous Monitoring Through Big Data
Addressing the 3 Biggest BYOD Security Threats
Mobile Apps: New Ways to Connect Government with Citizens
JOIN THE DISCUSSION
By using this service you agree not to post material that is obscene, harassing, defamatory, or otherwise objectionable. Although Nextgov does not monitor comments posted to this site (and has no obligation to), it reserves the right to delete, edit, or move any material that it deems to be in violation of this rule.