This page contains a Flash digital edition of a book.
What more can policymakers do?


Although many of these public-private partnerships are working well, and form an important baseline, they can be improved or better utilized. Policymakers should:


• Recognize that many public-private partnerships have been in existence for a decade and include a significant amount of trust between actors as well as significant resource commitments by all involved.


• Leverage and build upon existing partnerships and efforts to the fullest extent possible, including those that work to advance critical infrastructure protection. Congress and the Administration can both contribute to this effort.


• Determine which public-private partnership(s) may be addressing issues about which policymakers are concerned, and leverage them as appropriate before proposing something new (particularly before proposing any new structure at odds with such partnerships). Congress and the Administration can both contribute to this effort.


• Identify any concerns about current public- private partnerships and suggest means for improvement before proposing entirely new public-private partnerships be built from scratch. Congress and the Administration can both contribute to this effort.


• Better understand the public- and private- sector roles and responsibilities, under existing authority, related to public emergencies, and identify any gaps. The Administration should lead on this effort.


• Eliminate barriers that preclude the sharing of specific, actionable threat information between the public and private sectors. The Administration should lead this effort.


• Better share specific, actionable information on cyber threats with private-sector actors so that the latter can react more quickly and sufficiently. The Administration should lead on this effort.


• Ensure that NIST continues to serve as the U.S. Federal coordinator for cybersecurity best practices and guidelines. Congress should lead on this effort.


• Take definitive steps to improve federal cybersecurity by consistently and fully implementing throughout U.S. Federal networks industry-led, globally recognized cybersecurity standards and best practices. The Administration and Congress can both contribute to this effort.


The IT Industry’s Cybersecurity Principles for Industry and Government


PAGE 11


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24