Federal Policy Agenda




Cybersecurity Principles

  • Implementation of the Cybersecurity Information Sharing Act of 2015 should facilitate a risk-based strategy by promoting the sharing of actionable cyberthreat information from government to industry, from industry to government, and among private companies.  In developing the policies and procedures to implement the Act’s information sharing requirements, the Administration should protect the privacy of data.  TechNet members are encouraged to participate in the program as it is implemented.
  • The U.S. government should share cyberthreat information with the private sector in a timely and actionable manner.  The current process does not provide companies with actionable, accurate, and timely information.
  • A comprehensive risk-based cybersecurity strategy should increase the security and resiliency of all networks, and should prepare for and mitigate cyberattacks through the voluntary coordination of industry and government.
  • Market-based incentives should be used to encourage companies to actively manage risks in accordance with industry standards and practices.
  • Industry should be provided appropriate liability protections when participating in government cybersecurity sharing programs.
  • There should be continued support for flexible, stakeholder-driven, risk management-based approaches to cybersecurity as exemplified by the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity.  This includes: promotion of voluntary industry adoption of the Framework; promotion and/or requirement of adoption of the Framework by federal agencies; and promotion of Framework-like approaches (flexible, stakeholder-driven, risk management-based) with international partners.
805 15th Street,  NW Suite 708 Washington, DC 20005
(202) 650-5100