Commerce Dept. Recommends Public-Private Partnership on Cybersecurity

WASHINGTON, June 9, 2011 – The Department of Commerce released its Cybersecurity, Innovation and the Internet Economy green paper on Wednesday, advising cooperation between the government and private sector to implement ways to address cybersecurity issues. The Internet Policy Taskforce, a departme

WASHINGTON, June 9, 2011 – The Department of Commerce released its Cybersecurity, Innovation and the Internet Economy green paper on Wednesday, advising cooperation between the government and private sector to implement ways to address cybersecurity issues.

The Internet Policy Taskforce, a department-wide group created in April 2010, wrote the green paper with the goal of addressing the pressing issues surrounding cyber security.

Global online transactions have grown annually and currently account for $10 trillion in global trade. There has also been an increase in malware; between January 2009 and December 2010 the number of malware attacks doubled. In 2010, there were 55,000 new viruses, worms, and spyware threats.

“Our economy depends on the ability of companies to provide trusted, secure services online. As new cybersecurity threats evolve, it’s critical that we develop policies that better protect businesses and their customers to ensure the Internet remains an engine for economic growth,” said Commerce Secretary Gary Locke in a statement.

The green paper suggests that the government should support the creation of national code of conduct to deal with cybersecurity vulnerabilities. The new code of conduct should be created through a public-private collaboration rather than governmental edict. In addition to a code of conduct, the government hopes that industry will develop a set of standards which can be universally adopted.

“By increasing the adoption of standards and best practices, we are working with the private sector to promote innovation and business growth, while at the same time better protecting companies and consumers from hackers and cyber theft,” said Locke.

To protect consumers and business from the economic damages sustained by cyber-attack, the green paper suggestions the creation of cyber insurance. According to the paper, the market for cyber insurance would range from $450-500 million. Before any cyber insurance product is created however, industry must first determine how best to evaluate the costs of cyber-attacks.

In order to expand knowledge on potential cyber-attacks and vulnerabilities the report recommends the establishment of a National Initiative for Cybersecurity Education that would coordinate and fund research.

In addition to educating the business community about cyber-attacks and threats, the report recommends the addition of cyber protection to current digital literacy programs.

To further knowledge of cyber threats, the green paper recommends that the U.S. expand international collaboration: “The fact that cybersecurity is not defined by national borders and that the United States cannot afford to ignore global consideration…..The importance of engaging with our international partners early and often on matters related to standards development and policies is an essential starting place.”

In order to protect consumers, the report asks Congress to create a law that creates a framework for the notification of customers when electronic records have been breached. This recommendation is very similar to legislation currently proposed by Sen. Patrick Leahy (D-VT), the Personal Data Privacy and Security Act. Leahy’s bill would establish a national standard for the notification to consumers by corporations when data breaches occur.

The full green paper can be found here.