On June 8, 2011, the Department of Commerce’s Internet Policy Task Force released a report entitled “Cybersecurity, Innovation and the Internet Economy.” The report contains four broad policy recommendations: (1) the creation of a nationally recognized approach to minimize vulnerabilities for the Internet and networking services industry, (2) the development of incentives to combat cybersecurity threats, (3) increased cybersecurity education and research, and (4) the promotion of international cooperation to enable sharing of cybersecurity best practices.
Notably, the report advocates the creation of voluntary cybersecurity codes of conduct that could be enforced by the Federal Trade Commission and State Attorneys General. The goal of the codes of conduct would be to “unify various technical standards that currently exist and identify a broad set of responsibilities that industry members can use as a baseline for their own cybersecurity efforts.” The report encourages a transparent development process for creating the codes of conduct that involves industry members, government and consumer groups.
In addition to creating codes of conduct, the report advocates the increased use of “cyberinsurance,” the enactment of a federal data security breach notification law, the creation and adoption of formal cybersecurity-oriented curricula in schools, and the use of internationally accepted “cybersecurity principles.”
This latest Department of Commerce Report follows the cybersecurity legislative proposal released by the Obama Administration in May 2011, and the Department’s landmark green paper on data privacy released in December 2010. These two major privacy and data security reports signal the Department of Commerce’s interest in taking an active role in shaping privacy and data security policy.