LEADING CYBERSECURITY TECHNOLOGY PROVIDERS LAUNCH COALITION TO ADDRESS CRITICAL POLICY ISSUES

Founding Members of the Coalition for Cybersecurity Policy and Law Include Arbor Networks, Cisco, Intel, Microsoft, Oracle, Rapid7, and Symantec; Coalition Files Comments to NIST on Cybersecurity Framework

 

Washington, DC – February 18, 2016 – A group of leading providers of cybersecurity products and services today launched the Coalition for Cybersecurity Policy and Law, a new organization that will focus on education and collaboration with policymakers on the increasingly complicated legislative and regulatory policies related to cybersecurity. Founding members of the Coalition include Arbor Networks, Cisco, Intel, Microsoft, Oracle, Rapid7, and Symantec.

“The members of this Coalition are dedicated to building our nation’s public and private cybersecurity infrastructure, and their insight and engagement must play a vital role in the decisions being made by our government on cybersecurity policy,” said Ari Schwartz, Coordinator of the Coalition and former White House Special Assistant to the President for Cybersecurity. “The range of digital threats we face has never been greater, including criminal syndicates and state-sponsored attacks, and this Coalition will serve as the voice of the industry as we work with policymakers to develop the most effective responses to those threats.”

The mission of the Coalition is to bring together leading companies to help policymakers develop consensus-driven policy solutions that:

 

  • Promote a vibrant and robust cybersecurity marketplace;

  • Support the development and adoption of cybersecurity innovations; and

  • Encourage organizations of all sizes to take steps to improve their cybersecurity.


Working at the intersection between government entities, researchers, and vendors, the Coalition will speak on behalf of the cybersecurity industry in Congress, federal agencies, international standards bodies, industry self-regulatory programs, and other relevant policymaking venues. 

As an initial action, the Coalition submitted comments to the National Institute of Standards and Technology (NIST) in response to the agency’s Request for Information on the Framework for Improving Critical Infrastructure Cybersecurity.

The Coalition’s comments praised the Framework as “a flexible, adaptive, and purely voluntary construct for the protection of critical infrastructure in the United States” that “has achieved a substantial degree of acceptance and adoption by critical infrastructure industries.” More specifically, the Coalition’s comments:

 

  • Urged NIST to consider specific issues related to the potential spin-off of governing responsibility to a third-party non-profit;

  • Suggested that NIST hold one or more feedback meetings at an international location;

  • Encouraged NIST to continue to develop more complete standards for the authentication of individuals and automated devices;

  • Proposed a starting point for consideration of supply chain vulnerabilities in the Framework; and

  • Outlined concerns over the difficulty in distinguishing between different Implementation Tiers in the Framework.


The Coalition’s full comments can be found at cybersecuritycoalition.org.

Ari Schwartz, Coordinator of the Coalition, is a former member of the White House National Security Council, serving as Special Assistant to the President and Senior Director for Cybersecurity. In that role, he led the successful White House rollout of the Cybersecurity Framework. Prior to the White House, Schwartz served at the Department of Commerce, where he led the Department’s Internet Policy Task Force. He is currently Managing Director of Cybersecurity Services for Venable LLP.

Reactions from Founding Coalition Members

“Rapidly-evolving technology issues like cybersecurity present a difficult challenge for policymakers as they try to develop effective and balanced policies on issues that are changing in real time,” said Matt Moynahan, President of Arbor Networks. “Our companies are at the leading edge of understanding and addressing these complicated cybersecurity issues, and we believe we can offer invaluable experience and insight to policymakers trying to build consensus on how best to address both current and future challenges.”

“Cisco technologies protect customers in the public and private sector against dynamic cyber threats, giving us a distinct perspective on the implications of government policy,” said Michael Timmeny, Cisco’s Senior Vice President for Government and Community Relations. “We look forward to engaging government leaders to develop smart policies that improve security and reflect business realties.”

"There is a great need for an organization that can provide practical solutions to cybersecurity policy problems,” said David Hoffman, Director of Security Policy and Global Privacy Officer at Intel Corporation. “The Coalition is ideally situated to make a positive impact."

"As the global digital economy and our reliance on technology both continue to grow and evolve, it will be increasingly important to develop robust and clear cybersecurity policy,” said Harley Geiger, Director of Public Policy at Rapid7. “We believe the best path forward is through strong collaboration between the security community and policymakers.”

“Symantec is pleased to be a founding member of the Coalition for Cybersecurity Policy and Law, as it adds an important new voice to the policy discussions around cybersecurity,” said Cheri McGuire, Vice President of Global Government Affairs and Cybersecurity Policy at Symantec. “Security companies bring unique perspectives on an array of cyber and privacy issues, and we look forward to working with the Coalition to ensure that policymakers benefit from our input.”