IPTF Requesting Public Comment on Cybersecurity in the Digital Ecosystem

Today the NIST's Internet Policy Task Force published a request for public comment in today's Federal Register (80 FR 14360-14363) concerning it's ongoing work looking at cybersecurity in the digital ecosystem. 

 

The IPTF is trying to to identify substantive cybersecurity issues that affect the digital ecosystem and digital economic growth where broad consensus, coordinated action, and the development of best practices could substantially improve security for organizations and consumers. This effort is seen a complimentary to the NIST's Cybersecurity Framework and is attempting to identify actions that can be taken across a broader scope of the electronic landscape than just the system owner level.

 

In this document the IPTF “proposes to facilitate one or more multistakeholder processes around key cybersecurity issues facing the digital ecosystem and economy”. In facilitating this discussion the IPTF is asking for responses to the following questions:

 

· What security challenges could be best addressed by bringing together the relevant participants in an open, neutral forum to explore coordinated, voluntary action through principles, practices, and guidelines?

· Which topics could result in actionable, collective progress by stakeholders in a multistakeholder setting?

· What factors should be considered when selecting the multistakeholder processes?

· How can the IPTF promote participation of a broad range of stakeholders in the development process?

· What procedures and technologies can promote transparency in the process?

· What types of consensus outcomes can promote real security benefits without further adding to a compliance-oriented model of security?

· How should evaluation of the processes be conducted to assess results and ensure that the recommendations and outcomes of the process remain actionable and current?

Some of the topics to be considered could include:

· Botnet mitigation;

· Trust and Security in Core Internet Infrastructure;

· Domain Name System (DNS), Border Gateway Protocol (BGP), and Transport Layer Security (TLS) Certificates;

· Open source assurance;

· Malware mitigation;

· Web security;

· Malvertising;

· Trusted downloads;

· Cybersecurity and the Internet of Things;

· Privacy;

· Managed security services;

· Vulnerability disclosure;

· Security investment and metrics;

Comments should be submitted via by email to securityRFC2015@ntia.doc.gov. Comments should be submitted by May 18^th, 2015.