Coalition aims to educate policymakers on cybersecurity

A group of vendors launched the Coalition for Cybersecurity Policy and Law, a new organization that will focus on education and collaboration with policymakers on the increasingly complicated legislative and regulatory policies related to cybersecurity.

Founding members of the Coalition include Arbor Networks, Cisco, Intel, Microsoft, Oracle, Rapid7, and Symantec.

“The members of this Coalition are dedicated to building our nation’s public and private cybersecurity infrastructure, and their insight and engagement must play a vital role in the decisions being made by our government on cybersecurity policy,” said Ari Schwartz, Coordinator of the Coalition and former White House Special Assistant to the President for Cybersecurity. “The range of digital threats we face has never been greater, including criminal syndicates and state-sponsored attacks, and this Coalition will serve as the voice of the industry as we work with policymakers to develop the most effective responses to those threats.”

Educate policymakers

The mission of the Coalition is to bring together leading companies to help educate policymakers and develop consensus-driven policy solutions that:

• Promote a vibrant and robust cybersecurity marketplace
• Support the development and adoption of cybersecurity innovations
• Encourage organizations of all sizes to take steps to improve their cybersecurity.

Working at the intersection between government entities, researchers, and vendors, the Coalition will speak on behalf of the cybersecurity industry in Congress, federal agencies, international standards bodies, industry self-regulatory programs, and other relevant policymaking venues.

As an initial action, the Coalition submitted comments to the NIST in response to the agency’s request for information on the Framework for Improving Critical Infrastructure Cybersecurity.

The Coalition’s comments praised the framework as “a flexible, adaptive, and purely voluntary construct for the protection of critical infrastructure in the United States” that “has achieved a substantial degree of acceptance and adoption by critical infrastructure industries.” More specifically, the Coalition’s comments:

• Urged NIST to consider specific issues related to the potential spin-off of governing responsibility to a third-party non-profit
• Suggested that NIST hold one or more feedback meetings at an international location
• Encouraged NIST to continue to develop more complete standards for the authentication of individuals and automated devices
• Proposed a starting point for consideration of supply chain vulnerabilities in the framework
• Outlined concerns over the difficulty in distinguishing between different Implementation Tiers in the framework.

“Rapidly-evolving technology issues like cybersecurity present a difficult challenge for policymakers as they try to develop effective and balanced policies on issues that are changing in real time,” said Matt Moynahan, President of Arbor Networks. “Our companies are at the leading edge of understanding and addressing these complicated cybersecurity issues, and we believe we can offer invaluable experience and insight to policymakers trying to build consensus on how best to address both current and future challenges.”