As Washington struggles to come up with cybersecurity legislative and regulatory policies, a group of experts from the private and public sectors, including former White House Special Assistant to the President for Cybersecurity Ari Schwartz, Thursday launched the Coalition for Cybersecurity Policy and Law to collaborate with and help educate policymakers and develop “consensus-driven policy solutions.”
Schwartz, coordinator of the commission, said in a release that the group is “dedicated to building our nation's public and private cybersecurity infrastructure, and their insight and engagement must play a vital role in the decisions being made by our government on cybersecurity policy.”
The former White House cyber guru explained that the “range of digital threats we face has never been greater, including criminal syndicates and state-sponsored attacks, and this Coalition will serve as the voice of the industry as we work with policymakers to develop the most effective responses to those threats.”
Lawmakers have long been criticized for their inability or unwillingness to create strong cyber policies and legislation. The coalition, whose founding members include Arbor Networks, Cisco, Intel, Microsoft, Oracle, Rapid7, and Symantec, aims to bring the voice and expertise of the cybersecurity industry to policymakers, including Congress, federal agencies and international standards bodies.
In its first action, the organization commented on the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity. While praising the framework as flexible and adaptive and acknowledging its success in gaining acceptance by those in critical infrastructure industries, the coalition asked the standards organization to “consider specific issues related to the potential spin-off of governing responsibility to a third-party non-profit” and to continue developing “more complete standards for authentication of individuals and automated devices.”
The new group also suggested “a starting point for consideration of supply chain vulnerabilities in the Framework” and outlined “concerns over the difficulty in distinguishing between different Implementation Tiers in the Framework.”