A group of cybersecurity technology providers launched a new organization Thursday focused on education and collaborating with policymakers to promote consensus-driven cyber policy solutions.
The new group, the Coalition for Cybersecurity Policy and Law, was founded by Arbor Networks, Cisco [CSCO], Intel [INTC], Microsoft [MSFT], Oracle [ORCL], Rapid7, and Symantec [SYMC].
The coalition’s mission is to “bring together leading companies to help policymakers develop consensus-driven policy solutions that: promote a vibrant and robust cybersecurity marketplace; support the development and adoption of cybersecurity innovations; and encourage organizations of all sizes to take steps to improve their cybersecurity,” the group said in its opening announcement.
The coalition intends to speak for the cybersecurity industry to Congress, federal agencies, international standards bodies, industry self-regulatory programs, and other policymaking settings, it said in a statement.
The coalition is led by Coordinator of the Coalition Ari Schwartz, a former member of the White House National Security Council and current managing director of cybersecurity services at Venable LLP. At the White House Schwartz served as special assistant to the president and senior director for cybersecurity. There he led the White House’s rollout of the Cybersecurity Framework. Previously, Schwartz served at the Commerce Department, leading its Internet Policy Task Force.
“The members of this coalition are dedicated to building our nation’s public and private cybersecurity infrastructure, and their insight and engagement must play a vital role in the decisions being made by our government on cybersecurity policy,” Schwartz said in a statement.
“The range of digital threats we face has never been greater, including criminal syndicates and state-sponsored attacks, and this coalition will serve as the voice of the industry as we work with policymakers to develop the most effective responses to those threats,” he added.
The coalition said its first action was to submit comments to the National Institute of Standards and Technology (NIST) in response to the agency’s request for information on the Framework for Improving Critical Infrastructure Cybersecurity.
Although the group commended the framework as flexible and adaptive, it also proposed several courses of action. These include urging NIST to consider specific issues like a potential spin-off of governing responsibility to a third-party non-profit, suggesting NIST hold one or more feedback meetings at an international site, encouraging NIST to continue to develop more complete standards for the authentication of individuals and automated devices, proposing a starting point for consideration of supply chain vulnerabilities in the framework, and noting concerns on the difficulty in distinguishing between different implementation tiers in the framework.
“There is a great need for an organization that can provide practical solutions to cybersecurity policy problems. The coalition is ideally situated to make a positive impact,” David Hoffman, director of security policy and global privacy officer at Intel, said in a statement.
“Security companies bring unique perspectives on an array of cyber and privacy issues, and we look forward to working with the coalition to ensure that policymakers benefit from our input.” Cheri McGuire, vice president of global government affairs and cybersecurity policy at Symantec, added.