Trust Needed on Cybersecurity: Commerce Secretary

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By George R. Lynch

Sept. 27 — Government and private industry must do better at collaborating and speaking the same language when it comes to protecting the country’s digital infrastructure from cyberattacks, Commerce Secretary Penny Pritzker said Sept. 27.

“The problem is that relationships between regulators and the businesses they regulate are inherently adversarial—NOT collaborative,” Pritzker said in her prepared remarks for a keynote address at the U.S. Chamber of Commerce’s Cybersecurity Summit. “Trust is the linchpin of the digital economy. Failure to cultivate that trust will not only leave us vulnerable to attacks on critical infrastructure, but risk slowing the pace of American innovation,” she said.

“The only way we will be able to combat the growing number of cybersecurity threats that are endangering our nation’s national and economic security is if industry and government work together, which is a central theme of our summit today,” Ann Beauchesne, senior vice president for national security and emergency preparedness at the U.S. Chamber of Commerce, said.

Commerce is the primary government department in charge of promoting U.S. business interests and is the home of the National Institute of Standards and Technology (NIST), which sets cybersecurity technical standards. The internet is the greatest platform for commercial innovation and Commerce is acutely aware of the need to secure that asset, she said.

The constant evolution of cybersecurity threats from nation states, hackers and terrorists makes it unrealistic for either the government or private industry defend against these threats alone, she said.

Build on Existing Cooperation

The relationship between government and industry needs to be repaired to reestablish trust, Pritzker said. A recent cybersecurity recommendation by the Federal Communications Commission is an example of how trust should be rebuilt. In applying NIST’s Cybersecurity Framework across the communications sector, the FCC proposed the establishment of a mechanism where companies can voluntarily engage with regulators in a setting that would allow companies to share information that cannot be used against them. Pritzker described it as “reverse Miranda protection.”

She touted the work that the National Telecommunications and Information Administration has done with industry stakeholders on internet of things security.

Pritzker also praised the close collaboration between NIST's National Cybersecurity Center for Excellence and industry and academics. NIST's Cybersecurity Framework “is a common language for risk management created by industry, for industry,” she said. “It’s widely accepted as the primary tool for businesses to evaluate their cybersecurity posture.

“We welcomed Secretary Pritzker’s remarks and echo her call for greater utilization of the NIST framework as well as policies that will encourage more collaboration between the public and private sectors by enabling open and honest engagement in real time,” Beauchesne said.

To contact the reporter on this story: George R. Lynch in Washington at glynch@bna.com

To contact the editors responsible for this story: Donald G. Aplin at daplin@bna.com ; Jimmy H. Koo at jkoo@bna.com

For More Information

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.