A House Democratic caucus is pushing the White House to adopt more robust cyber priorities in a new cyber security plan focused on growing public-private partnerships and improving information sharing.
The New Democrat Coalition’s cyber security task force released its plan Thursday, and is pushing for greater conversation between the White House and industry on improving information sharing, data protection, and critical infrastructure and Internet of Things (IoT) standards.
"Confronting digital security threats has been and remains critical. From ISIS to Russia and North Korea, we know that terrorists and foreign actors are looking to attack our cyber-vulnerabilities. We need to act now to detect, isolate, resolve and ultimately minimize the effect of any threat or attack," said Rep. Josh Gottheimer (D-N.J.), task force co-chair, in a statement.
The plan calls for the federal government to increase engagement with the private sector on where improvements can be made in information sharing on cyber threats, including improving the legal framework of security classifications.
“While the private sector must cooperate for information sharing to be truly effective, the government must do more to become an effective partner for the private sector,” the coalition writes in its plan. “Communication cannot simply be a one-way street, in which one side shares its data but receives little to no new information in return.”
The group says the Cybersecurity Information Sharing Act has been underutilized in the effort to improve information sharing. One solution proposed is to broaden the National Security Council’s Vulnerabilities Equities Process, which is used to determine what information can be shared regarding software vulnerabilities.
In light of the recent Equifax [EFX] breach and Russian interference in elections, the coalition is seeking improvements to data and critical infrastructure protection.
The task force’s plan calls for the White House to direct the National Guard to establish cyber civil support teams needed to respond to infrastructure threats. The plan also suggests a reform to the Federal Risk and Authorization Management Program (FedRAMP) to better serve as a model for security certification processes needed for government IT acquisition.
In the area of IoT, the task force cites the importance of developing clearer definitions for device security standards, including complying with current industry-specific regulations.
“We have written multiple letters to the Trump administration encouraging both smart investments in cyber security as well as updated cyber workforce hiring practices,” the task force writes in its plan. “The Task Force is evaluating the best course of action to achieve the above-mentioned policy objectives, whether through legislative processes, by working with the Executive branch, or partnering with industry.”