Commerce Department backs voluntary information security code for SMEs

The department’s Internet Policy Task Force today released a report, "Cybersecurity, Innovation and the Internet Economy", which noted that global online transactions are currently estimated by industry analysts at $10 trillion annually and that the number of Internet malware threats doubled between January 2009 and December 2010. In 2010, an estimated 55,000 new viruses, worms, spyware and other threats were bombarding the internet daily, the report said.

To combat these growing threats, the task force makes four recommendations to SMEs that do business online, as well as social networking sites, internet-only businesses, and cloud computing firms.

First, the report recommends that firms establish and adopt national voluntary codes of conduct to minimize information security vulnerabilities. For example, the report recommends that SMEs implement the domain name system security (DNSSEC) protocol extensions on the domains that host key websites; DNSSEC provides a way to ensure that users are delivered to the web addresses they request and are not hijacked.

Second, the task force recommends that incentives be provided for companies to beef up their information security. Such incentives could include reduced cyberinsurance premiums for companies that adopt information security best practices and share details about cyberattacks with other businesses.

Third, the report suggests that public education and research programs about information security vulnerabilities be expanded. And fourth, the task force calls for enhanced international collaboration on information security best practices.

“Our economy depends on the ability of companies to provide trusted, secure services online. As new cybersecurity threats evolve, it’s critical that we develop policies that better protect businesses and their customers to ensure the Internet remains an engine for economic growth”, said Commerce Secretary Gary Locke in announcing the report. “By increasing the adoption of standards and best practices, we are working with the private sector to promote innovation and business growth, while at the same time better protecting companies and consumers from hackers and cyber theft.”

What’s hot on Infosecurity Magazine?