Twenty-three associations representing nearly every industry sector of the U.S. economy are applauding the Obama administration’s support for a dynamic and flexible approach to addressing cybersecurity risk. In a letter sent today to Michael Daniel, special assistant to the president and cybersecurity coordinator, industry expressed support for the principles laid out in Daniel’s May 22 blog, Assessing Cybersecurity Regulations, where he emphasized the administration’s view that the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (framework) should remain collaborative, voluntary, and innovative over the long term. The Information Technology Industry Council (ITI) agrees with Daniel’s assessment that business and government “must build equally agile and responsive capabilities not bound by outdated and inflexible rules and procedures.”
The signatories of the letter provided roughly a dozen examples of our efforts to improve cybersecurity risk management in our sectors and foster awareness of the framework. These examples not only demonstrate industry’s commitment to using the framework but speak more broadly to the open, transparent, and collaborative manner in which we worked with the government to create a major cybersecurity policy initiative. This public-private partnership process is one ITI has long advocated as being a key component for effective cybersecurity policymaking.
NIST, working closely with multiple industry and government stakeholders, led the development of a smart cybersecurity framework we are proud of. But more work lies ahead as organizations determine how to improve their risk management practices – including by using the framework – to enhance and strengthen collective resilience and cybersecurity. And as exemplified by this letter, further expanding our efforts across multiple industry sectors will be essential. All sectors have a shared interest in, and responsibility for, improving cybersecurity, and working together will move us more quickly toward greater cyber resilience.
We also need to continue collaborative efforts, reaching across borders, to partner with global industry and governments in ways that improve resiliency of the global cyber infrastructure and learn from each other’s experiences. Agile and responsive cyber capabilities must not be constrained by borders in today’s global economy, just as they must not be held back by outdated and inflexible rules and procedures. In fact, ITI recently visited Korea and Japan and shared with these countries’ governments and business leaders the benefits we have experienced from public-private partnership approaches to developing globally workable cybersecurity policies that reflect global standards and industry-driven practices.
ITI looks forward to working with a growing team of like-minded colleagues to build on the progress that we – industry and government – are making together to improve cybersecurity risk management.