Internet security has been in the news recently. And now that Anthony Wiener has admitted that he, and not some mischievous hacker, was the one that sent that naughty picture to a college coed, maybe we can turn our focus to the estimated $10 trillion in global online transactions that may not be as secure as we would all like. Well, maybe not all of us. The hackers out there like things just the way they are.
But the U.S. Department of Commerce is concerned enough about all those cyber-dollars to have proposed a new policy framework to strengthen cybersecurity protections for online business.
“Our economy depends on the ability of companies to provide trusted, secure services online. As new cybersecurity threats evolve, it’s critical that we develop policies that better protect businesses and their customers to ensure the Internet remains an engine for economic growth,” said Commerce Secretary Gary Locke. “By increasing the adoption of standards and best practices, we are working with the private sector to promote innovation and business growth, while at the same time better protecting companies and consumers from hackers and cyber theft.”
The report, developed by the Department’s Internet Policy Task Force, makes a number of specific recommendations for reducing I3S vulnerabilities:
- Establish nationally recognized but voluntary codes of conduct to minimize cybersecurity vulnerabilities. For example, the report recommends that businesses employ present-day best practices, such as automated security, to combat cybersecurity threats and that they implement the Domain Name System Security (DNSSEC) protocol extensions on the domains that host key Web sites. DNSSEC provides a way to ensure that users are validly delivered to the web addresses they request and are not hijacked.
- Developing incentives to combat cybersecurity threats. The report also recommends exploring and identifying incentives that could include reducing “cyberinsurance” premiums for companies that adopt best practices and openly share details about cyberattacks for the benefit of other businesses.
- Improve public understanding of cybersecurity vulnerabilities through education and research. Programs like the National Initiative for Cybersecurity Education should target awareness and training to the I3S and develop methods for cost/benefit analyses for cybersecurity expenditures.
- Enhance international collaboration on cybersecurity best practices to support expanded global markets for U.S. products. This should include enhanced sharing of research and development goals, standards, and policies that support innovation and economic growth.