The National Institute of Standards and Technology’s (NIST) Commission on Enhancing National Cybersecurity should prioritize the NIST Cybersecurity Framework, the Cybersecurity Information Sharing Act of 2015 (CISA), and creating norms and deterrence strategies, according to officials at the U.S. Chamber of Commerce.
“Taken as a whole, the Chamber believes that the Commission’s recommendations to the next administration do not need to solve every complex cybersecurity challenge—there are too many,” Ann M. Beauchesne, senior vice president at the Chamber of Commerce, and Matthew J. Eggers, executive director of cybersecurity policy at the Chamber of Commerce, wrote in a letter to NIST.
As part of Executive Order 13718, the Commission on Enhancing National Cybersecurity recently closed a request for information (RFI) asking for recommendations on what the commission should advise to the next administration.
“The commission should seek to (1) maintain the momentum of quality initiatives, particularly the joint industry-NIST Framework for Improving Critical Infrastructure Cybersecurity (the Framework) and the new information-sharing law,” wrote Beauchesne and Eggers. “The commission should also (2) examine ways to boost adherence to international norms and deterrence. The chamber recognizes that imposing costs on malicious actors is complicated. Policymaking will require engaging the business community, making trade-offs, and allowing time for thinking to mature.”
The letter also includes the Chamber of Commerce’s policy statement on Cybersecurity Norms and Deterrence from June 2016, which supports an open Internet, global cybersecurity norms, and partnerships between governments and the private sector.