White Paper from the U.S. Department of Commerce, U.S. Department of Homeland Security
This draft report to the President was developed by the Departments of Commerce and Homeland Security (the Departments) in response to Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The Order directed the Secretary of Commerce, together with the Secretary of Homeland Security, to “lead an open and transparent process to identify and promote action by appropriate stakeholders” with the goal of “dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets).”
This draft reflects inputs received by the Departments from a broad range of experts and stakeholders, including private industry, academia, and civil society. The draft report lays out five complementary and mutually supportive goals intended to dramatically reduce the threat of automated, distributed attacks and improve the resilience of the ecosystem. For each goal, the report suggests supporting activities to be taken by both government and private sector actors.
The Departments invite comments by February 12, 2018 from all stakeholders regarding the issues and goals raised by the draft Report, as well as the proposed approach, current initiatives, and next steps. In particular, the Departments seek to identify additional actions to incentivize providers or users to prioritize cybersecurity. Following the completion of the public comment period, NIST will host a workshop to discuss unresolved comments and the way forward for the Report. Comments received are a part of the public record and will generally be posted without change; personal identifying information (for example, name, address) voluntarily submitted by the commenter may be publicly accessible. Please do not submit confidential business information or otherwise sensitive or protected information. The final report will be submitted to the President on or before May 11, 2018.
This draft report responds to the May 11, 2017, Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. That order called for “resilience against botnets and other automated, distributed threats,” directing the Secretary of Commerce, together with the Secretary of Homeland Security, to “lead an open and transparent process to identify and promote action by appropriate stakeholders” with the goal of “dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets). The Departments of Commerce and Homeland Security worked jointly on this effort. They determined that the opportunities and challenges in working toward dramatically reducing threats from automated, distributed attacks can be summarized in six principal themes:
- Automated, distributed attacks are a global problem.
- Effective tools exist, but are not widely used.
- Products should be secured during all stages of the lifecycle.
- Education and awareness is needed.
- Market incentives are misaligned.
- This is an ecosystem-wide challenge.
The Departments identified five complementary and mutually supportive goals that would dramatically reduce the threat of automated, distributed attacks and improve the resilience of the ecosystem. A list of suggested actions for key stakeholders reinforces each goal. The goals are:
- Goal 1: Identify a clear pathway toward an adaptable, sustainable, and secure technology marketplace.
- Goal 2: Promote innovation in the infrastructure for dynamic adaptation to evolving threats.
- Goal 3: Promote innovation at the edge of the network to prevent, detect, and mitigate bad behavior.
- Goal 4: Build coalitions between the security, infrastructure, and operational technology communities domestically and around the world.
- Goal 5: Increase awareness and education across the ecosystem.
Follow Us On Twitter