Cyber Commission Seeks Public Comments on Enhancing Cybersecurity in the Digital Economy

Six months ago, the Obama Administration embarked on an ambitious Cybersecurity National Action Plan, including the establishment of the Commission on Enhancing National Cybersecurity to craft recommendations to the President for improving cybersecurity across the public and private sectors. This week, the Commission took what is expected to be the first of many steps to make good on that mandate. The Commission, in conjunction with the National Institute of Standards and Technology (NIST), issued a Request for Information (RFI) seeking comments on a wide-range of topics relevant to cybersecurity in the evolving "digital economy." Interested parties will need to act quickly, with comments due no later than September 9, 2016.

The Commission is specifically seeking input on "current and future cybersecurity challenges," and "promising and innovative solutions to address those challenges" for a variety of topics, including

• Critical infrastructure cybersecurity
• Cybersecurity insurance
• Cybersecurity research and development
• Federal governance
• Identity and access management
• International markets
• Internet of things

The Commission is also seeking input on a broad range of cybersecurity-related issues, including the impact of emerging technology, economic and other incentives for cybersecurity improvements, and government-private sector coordination and cooperation on cybersecurity. Notably, the Commission wants to "build on successful existing cybersecurity policies [and] public-private partnerships" and seeks "input from those who have experienced significant cybersecurity incidents to understand lessons learned from these experiences, including identifying any barriers to awareness, risk management, and investment."

The RFI, like the Commission's mandate, recognizes the importance of continuing to "bolster[] partnerships between Federal, State, and local government and the private sector," consistent with the White House's earlier information-sharing initiatives. Comments submitted in response to the RFI will likely inform the Commission's eventual recommendations, which are due to the President by December 1, 2016, and will be made public 45 days after that submission.

The NIST information request thus presents an opportunity for companies to help shape the cybersecurity dialogue in the coming years, share best practices developed over time in the private sector, and anticipate and manage risks associated with current and future business opportunities in both the public and private sectors.