Swift Implementation of CENC Cybersecurity Recommendations Needed, Pritzker Says
Secretary of Commerce Penny Pritzker urged swift implementation of Commission on Enhancing National Cybersecurity recommendations to the White House, saying Tuesday the U.S. is at a “moment of reckoning” in this area. The private sector must play an active role in implementing the CENC recommendations, given the commission's emphasis on public-private partnerships to improve U.S. cybersecurity, Pritzker said during a USTelecom event. Friday's suggestions were short-term and long-term measures for the incoming administration of President-elect Donald Trump (see 1612020050).
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Pritzker highlighted several CENC “strategic imperatives,” including “baking” cybersecurity into the development of IoT-connected devices, improving cybersecurity workforce training and building “new structures” for public-private collaboration on cyber issues. Pritzker noted the important role the National Institute of Standards and Technology's Cybersecurity Framework played in the CENC recommendations, which she said could aid the commission in moving “beyond traditional compliance.”
A “checklist” approach to dealing with cybersecurity can't defend against ever-growing cyberthreats like the October distributed denial-of-service attacks against DynDNS, Pritzker said. She encouraged development of “sector-specific best practices” that use the NIST framework as a guide and associated metrics. CENC Executive Director Kiersten Todt denied the recommendations take a mostly anti-regulatory approach, saying the commission was careful to say that when the private sector isn't able to succeed on its own, “regulation needs to come into play.” CENC was pleased with its balance between prescriptive and strategic recommendations, as it “opened the door” for an evolution in the government's approach to cybersecurity issues, Todt said. She also discussed the report at an event earlier this week (see 1612050044).
CENC hopes the incoming Trump administration will view the recommendations as “an opportunity” and that the commission is now free to brief Trump's transition team on the report, since the White House had a chance to review it, Todt said. The White House wanted to ensure in setting up CENC earlier this year via the Cybersecurity National Action Plan that the commission be “an attempt to take a totally nonpartisan set of experts” and make recommendations “that don't know a political party,” said Department of Commerce Senior Policy Adviser-Cybersecurity Clete Johnson. He used to work at the FCC.
Improving IoT cybersecurity is one of several areas in which a combination of short-term and long-term strategies is needed, Todt and others said. The onus for cybersecurity of connected devices must eventually move up the development chain but in the short term informing consumers via a proposal for the development of a cybersecurity equivalent of an “Energy Star-type” rating label for tech devices and services that rates their cyber protections, Todt said. FCC Chairman Tom Wheeler separately said in a Friday letter to Sen. Mark Warner, D-Va., that addressing IoT threats remains an “imperative and should not be stalled” by the transition to the Trump administration. The agency “had to postpone some” of its planned next steps for addressing cybersecurity issues amid the presidential transition, Wheeler said.
The Senate Commerce Committee welcomes the CENC report because it demonstrates the challenges the U.S. faces in cybersecurity in the coming years, said committee staffer Cherilyn Pascoe. It highlighted many of the cybersecurity-related issues Senate Commerce has worked on in recent years, including promotion of industry use of the NIST framework and enhancing public-private partnerships, Pascoe said. “We think we have a key role” to play in ensuring the document leads to policy solutions, she said.