The Commerce Department is calling for the creation of nationally recognized, voluntary codes of conduct to help strengthen cybersecurity protections for online businesses.  The Department issued its recommendations in a green paper on “Cybersecurity, Innovation and the Internet Economy,” which was released on June 8, 2011.  As noted in today’s Federal Register, the Department will be accepting comments on the green paper until August 1, 2011. 

As we discussed last month, one element of the White House’s recent legislative proposal for cybersecurity focuses on core critical infrastructure operators such as the electricity grid, the financial sector, the water system, and transportation networks.  The Commerce Department’s report complements the legislative proposal by concentrating on another sector of the economy – what the report calls the Internet and Information Innovation Sector (“I3S”).  The I3S encompasses businesses that create or utilize the Internet or networking services and have a large potential economic impact, including electronic retailers, social networking sites, cloud computing firms, and online transactional service providers.

The report’s analysis and recommendations fall into four categories:

  1. Creating voluntary codes of conduct.  The report recommends convening multi-stakeholder groups to develop consensus-based standards and best practices that I3S industry members could use as a baseline for their own cybersecurity efforts. 
  2. Developing incentives.  The report suggests that a federal data breach notification law, disclosures of security plans, and public-private partnerships to facilitate information sharing could encourage adoption of standards and best practices in the I3S. 
  3. Improving education and research.  The report suggests that cybersecurity could be improved through better cost/benefit analyses, better targeting of awareness-raising efforts, and greater emphasis on deployable technologies in cybersecurity research and development.
  4. Promoting international cooperation.  The report recommends that the U.S. government continue with its efforts to promote cybersecurity policies, standards, and research globally. 

Cybersecurity is the second of the four initiatives currently being considered by the Commerce Department’s Internet Policy Task Force.  The Task Force’s first green paper, on “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework,” was released last December.  Green papers on the remaining two issues, copyright and the global free flow of information, are expected soon.