The Department of Commerce’s Internet Policy Task Force issued a green paper entitled “Cybersecurity, Innovation and the Internet Economy.” The green paper recommends a new framework for addressing internet security issues for companies other than those that are considered part of the critical infrastructure. The term critical infrastructure refers generally to the defense, energy and financial sectors, transportation networks, and the like, as set forth in the Cybersecurity Legislative Proposal delivered by the Obama administration to Congress in May.
Among other things, the green paper recommends the Department of Commerce 1) designate a new Internet and Information Innovation Sector (“IS3″) to address functions and services outside the classification of critical infrastructure, such as facilitating the development of voluntary codes of conduct and improving and augmenting conformance-based assurance models for IT systems, 2) identify incentives to encourage IS3 adoption of voluntary cyber security best practices and encourage disclosure of cyber security plans to increase accountability, 3) work to build a stronger understanding of the costs of cyber threats and the benefits of greater security to the IS3, and 4) increase international collaboration and cooperation to promote cyber security policies and cooperation that are consistent with or improve upon global norms and practices. The green paper also suggests Congress enact a law to provide a commercial data security breach framework. The Internet Policy Task Force now seeks further comment on the issues discussed in the green paper and specific questions posed by the Task Force. Please refer to the “Cybersecurity, Innovation and the Internet Economy” green paper at http://www.commerce.gov/sites/default/files/documents/2011/june/cybersecurity_green_paper_finalversion.pdf for further information.