Export Compliance Daily is a Warren News publication.
Multistakeholder Process

Commerce's Internet Policy Task Force Seeks Input on Cybersecurity Topics

The Department of Commerce’s Internet Policy Task Force sought public input Friday on possible cybersecurity-related topics that the IPTF could address via a consensus-based multistakeholder process. Topics the IPTF would tackle would largely veer away from securing critical infrastructure, a topic that federal agencies have recently focused on, “in hopes of improving security and user trust in the digital economy while also promoting U.S. innovation,” NTIA Administrator Larry Strickling said in a statement. The IPTF’s cybersecurity work would complement cyber initiatives that focused on critical infrastructure, including the National Institute of Standards and Technology’s development of its Cybersecurity Framework, NTIA said. The topics could include the cyber vulnerability disclosure process, botnet mitigation, the Internet of Things, managed security services and combating malware, the IPTF said in its request for comment (RFC).

Sign up for a free preview to unlock the rest of this article

Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.

The IPTF said it’s seeking input from a wider range of stakeholders than those targeted in NIST’s development of the Cybersecurity Framework, although ISPs and some other stakeholders also participated in the framework development and other critical infrastructure-related cyber initiatives. Other targeted stakeholders include civil liberties advocates, cloud and content providers, digital economy experts, mobile app developers, software developers, security vendors and vulnerability researchers, ITPF said.

The IPTF said it believes a multistakeholder approach will be conducive to creating voluntary policies that can address quickly changing developments in cybersecurity. The group is giving NTIA the job of convening the multistakeholder meetings in collaboration with the IPTF’s other administering agencies -- NIST, the Patent and Trademark Office and the International Trade Administration. The IPTF said it anticipates the first meeting will be in summer. Stakeholders will have 60 days past the RFC’s publication in the Federal Register to comment on potential topics and the multistakeholder process, IPTF said.

NIST’s process for developing the Cybersecurity Framework could become a model for development of IPTF’s cybersecurity initiative, industry observers told us. NIST’s development of the Cybersecurity Framework, which began after President Barack Obama issued a February 2013 cybersecurity executive order, was “so well received that it ought to be something” that IPTF should look at as a model, Internet Security Alliance President Larry Clinton said. NIST’s co-leadership of the IPTF means it’s possible the same process used to develop the Cybersecurity Framework would be used for the IPTF’s process, though the inclusion of stakeholders outside of critical infrastructure sectors could factor into an altered process, an Internet industry lawyer said.