• U.S. IT companies worked with the Department of Defense to found the Trusted Technology Forum (TTF), a global industry-led standards initiative that will allow technology companies, customers, government, and supplier organizations to create and promote guidelines for manufacturing, sourcing, and integrating trusted, secure technologies.


• The U.S. and other governments participate in bilateral and multilateral efforts to facilitate international government-industry cooperation on global cybersecurity best practices. Examples include bilateral critical infrastructure protection (CIP) forums between the U.S. Government and our trading partners including Japan and the EU, and the Congressionally mandated biennial Cyber Storm exercise series run by the Department of Homeland Security (DHS), which is designed to test and improve communications, policies, and procedures in response to various cyber threats.


What more can policymakers do?


Some policymakers’ proposals refer to cybersecurity standards, best practices, and product assurance. Policymakers should:


• Support industry and government collaboration to review and continue to improve the CC product assurance standard as necessary, and maintain focus on the CC and the CCRA as critical components of global cybersecurity. The Administration should lead on this effort.


• Make the preservation and promotion of a global market a primary goal in any product assurance requirements, and avoid U.S. Government-specific requirements. Congress and the Administration can both contribute to this effort.


• Carefully view any U.S. policies from a global perspective. Any U.S. policies that are non-globally compatible, whether implemented through law or regulation (or sometimes if merely proposed), will be emulated around the world. Some countries also may use such policies or proposals as a starting point for their own additional domestic regulatory intrusions that will balkanize the global marketplace. Congress and the Administration can both contribute to this effort.


• Recognize and reaffirm the United States’ leadership role in promoting international adoption of industry-led, globally recognized cybersecurity standards and best practices. Among other ways, the U.S. can do this by demonstrating progress in implementing such standards and best practices in U.S. Federal systems. Congress and the Administration can both contribute to this effort.


• Proactively seek dialogues with our trading partners about the use and benefits of industry-led, globally recognized standards and best practices that will achieve the requisite levels of security needed to meet national security concerns while preserving interoperability, openness, and economic development. The Administration should lead on this effort.


• Counter other countries’ attempts to enact non-globally compatible cybersecurity-related standards, practices, and requirements that threaten to balkanize cyberspace and make it less secure. The Administration should lead on this effort.


The IT Industry’s Cybersecurity Principles for Industry and Government

