Simply Security - News, Views, and Opinions from Trend Micro

International IT industry groups call for cohesive security policies

Posted on August 7th, 2012 in Internet Safety by Simply Security

Industry groups from three continents came together to release a list of new Internet security policy formation recommendations.

As cybersecurity issues continue to cross sectors and transcend borders, three leading IT industry groups have come together to issue a comprehensive set of guidelines that they would like to see government leaders adhere to when designing the next wave of policies.

The Information Technology Industry Council (ITI), DIGITALEUROPE (DE) and Japan Electronics and Information Technology Industries Association (JEITA) collectively represent the interests of many of the world's most prolific technology manufacturers and service providers. By adopting a leadership role in the global cybersecurity conversation, they are hoping to provide the crucial field insights that ensure government-sponsored policies achieve expressed goals without disrupting industry progress and innovation.

"Policy approaches to advance cybersecurity must meet security needs while preserving interoperability, openness and a global market," the collaborative report stated. "In the right policy environment, we can increase security while maintaining the societal benefits derived from the growth and development of cyberspace."

Breaking out of the silo

Regardless of their ultimate shape, government cybersecurity policies will inherently hold implications that extend well beyond parliamentary chambers. That's why the first of the report's 12 recommendations focuses on establishing a culture of transparency and cooperation. By issuing draft texts of legislation and allowing for public comment, for example, policymakers can gauge the industry reception for their proposals and receive critical feedback to help shape stronger, more relevant mandates.

Report authors urged government leaders to utilize the private sector as more than just a focus group, however. The IT industry at large is often several steps ahead of the public sector when it comes to data and Internet security innovations. By involving these companies from the start, policymakers can ensure that their efforts align with previous progress in the field and may even be able to conserve resources by capitalizing on private investments.

Standardized, interoperable functionality

Keeping with the theme of inclusion, the industry groups also included their recommendations for extending an attitude of openness to technical considerations. Government leaders were encouraged to develop cybersecurity requirements that are "technology-neutral." Not only does this eliminate suspicion of collusion with vendors, it also ensures that effective network and data protection is not tied to socioeconomic factors.

For instance, advocating for the use of tools that are only manufactured in limited, specialized settings could create an uphill battle for organizations in countries outside traditional distribution zones.

Also, report authors called on policymakers to allow for the procurement of best-of-breed technologies regardless of the vendor's country of origin to eliminate any discrimination or bias.

"Product security is a function of how a product is made, used and maintained, not by whom or where it is made," the report stated. "Governments should reexamine their understanding of cyber supply chain risk and partner with industry on solutions that build bridges rather than exclusionary trade walls."

But while requisite technology should be readily available to all, it must also be developed and implemented in a standardized fashion to maximize functionality. Indeed, the most important role of policymakers, according to report authors, will be the promotion of globally recognized security standards, best practices and compliance assessments.

Too often, misaligned or disparate security frameworks leave companies confused and hackers happy. When vital requirements get lost in translation, loopholes abound and risk rises. But by developing uniform policies, created from industry feedback and with industry approval, security stakeholders can conserve vital resources that would have been wasted on conflicting protocols and allocate time and money where it really matters.
