Cybersecurity

Threats to our cybersecurity are real, and we must work together to find a solution. As we rely more on our computers, smart phones, and tablets for work, entertainment, banking, shopping and communicating, new breeds of cybercriminals, hacktivists, and rogue nations have become as adept at exploiting the vulnerabilities of our digital world. ITI members are working to create the best cyber defense possible. Our approach must be fast, flexible, and forward-thinking to take on the new generation of cyber threats that we all face, and protect the basic structure and benefits of the Internet.

The United States’ information technology (IT) industry is the strongest in the world, driving economic growth, creating new businesses, generating jobs, and improving defense and intelligence activities. Our industry also is at the forefront of efforts to improve cybersecurity. We track down and address cyber threats, constantly improve the security of our products, invest billions of dollars in cybersecurity research and development (R&D), engage in a range of public-private partnerships and activities, and contribute to the development of global cybersecurity standards.

Engagement in the United States: In the U.S., we focus on both Congressional and Administration policies. We urge Congress to pass legislation on issues that would make substantial improvements to cybersecurity:

•  Improved information sharing;
•  Reform of the Federal Information Security Management Act (FISMA);
•  Enhanced criminal penalties for cybercrime;
•  Greater international coordination on law enforcement efforts; and
•  Additional cybersecurity R&D.

Addressing these issues would immediately improve public and private cybersecurity infrastructure without adding unnecessary expense or bureaucracy. We also support the adoption of a single, federal standard for data breach notification. Currently, businesses - both large and small - face conflicting data breach legal requirements under existing state laws.

Consistent with our efforts around the world, ITI wants to ensure that legislation does not inadvertently stifle innovation by imposing prescriptive mandates on technology’s design, development and manufacturing processes.

We urge the Administration to leverage and build upon existing public-private partnerships and industry efforts regarding cybersecurity to the fullest extent possible, including those that work to advance critical infrastructure protection. The Administration can also contribute to greater cybersecurity through education to users, increasing its own R&D, showcasing best practices, convening stakeholders to solve cybersecurity challenges, promoting globally accepted, industry-developed, voluntary security standards, and cooperating internationally to address cross-border issues.

Engagement Globally: A growing number of governments are enacting cybersecurity-related laws, regulations, standards, certification systems, and other requirements, covering both government and commercial markets. While these policies may have the best intentions—to increase security—in some cases they present obstacles to global ICT companies conducting business in those markets, are inconsistent with generally accepted norms, standards, and best practices, and in several cases may actually violate international trade obligations. Moreover, such requirements rarely provide better security and may place countries at greater risk by slowing technological innovation and economic development. ITI works to prevent or remove such cybersecurity-related policies that disrupt international trade and market access.

Related Documents:

Global Cybersecurity Principles (June 2012)

Global Cybersecurity Principles (Chinese translation) (June 2012)

Global Cybersecurity Principles (Japanese translation) (June 2012)

Addressing Liability Concerns in Information Sharing (January 2012)

Steps to Facilitate More Effective Information Sharing to Improve Cybersecurity (October 2011)

The IT Industry's Cybersecurity Principles for Industry and Government (January 2011)