As reported by Infosecurity, the report – “Cybersecurity, Innovation and the Internet Economy” – makes a series of recommendations for SMEs that do business online, as well as for social networking sites, internet-only businesses, and cloud computing firms. One of the recommendations is for these to develop and adopt national voluntary codes of conduct to strengthen cybersecurity.
In a June 15 Federal Register notice, the task force is asking industry input to improve the report’s recommendations, leading to development of an action plan by the Obama administration.
The task force is particularly interested in feedback on its concept of the internet and information innovation sector (I3S), which includes “functions and services that create or utilize the internet or networking services and have large potential for growth, entrepreneurship, and vitalization of the economy, but would fall outside the classification of covered critical infrastructure.”
The notice asks industry to critique its definition of the I3S sector and what entities should be included in the concept. It also asks for feedback as to whether the focus on improving cybersecurity for this sector is the right one to secure the nation’s critical infrastructure.
In addition, the task force asks, “Would it be appropriate for some types of companies within the I3S to be required to create security plans and disclose them to a government agency or to the public?”
Comment should be sent before midnight on August 1, 2011, by email to SecurityGreenPaper@nist.gov with the subject line “Comment of Cybersecurity Green Paper.”