In order to meet the cybersecurity needs of today’s increasingly interconnected digital world, policymakers and industry leaders must focus efforts on educating and training a highly skilled workforce, modernizing government Information Technology (IT), and building long-lasting public/private partnerships. TechNet will promote the adoption and use of voluntary, adaptable, risk management-based approaches to meet this changing environment and effectively manage cybersecurity risk. TechNet supports the following principles and objectives:

  • Alignment of policies, legislation, regulations, and guidance with flexible, stakeholder-driven, risk management-based approaches to cybersecurity.
    • Promotion of voluntary private sector adoption of the Framework for Improving Critical Infrastructure Cybersecurity (Framework);
    • Further guidance on the implementation of President Biden’s Executive Order on Improving the Nation’s Cybersecurity;
    • Further guidance for and oversight of Framework adoption by federal agencies, per Executive Order 13800; and promotion of Framework-like approaches (adaptable, stakeholder-driven, risk management-based) with international partners;
    • Appropriate implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022;
    • A comprehensive risk-based cybersecurity strategy that increases the security and resilience of all networks, and prepares for and mitigates cyberattacks through the voluntary coordination of industry and government;
    • Policy and market-based incentives, including federal regulatory safe harbors, to encourage companies to actively manage risks in accordance with industry standards and best practices;
    • Avoidance of regulations that complicate compliance and do not provide commensurate benefits for cybersecurity interests;
    • Improved accountability, reporting requirements, and uniform standards for federal agencies as they comply with cybersecurity laws, regulations, and executive actions;
    • Public/private initiatives that support improving the cyber defense capabilities of small businesses;
    • Harmonization of conflicting requirements in the private sector with attention paid to reducing duplicative and conflicting reporting requirements to minimize time, expense, and complexity of compliance;
    • To promote the public/private sharing of accurate and helpful information, federal use restriction/liability protections should be clear to incentivize sharing, disclosures should be protected from public access and retain all legal privileges, and the private sector should be allowed sufficient time to report confirmed intrusions; and
    • Addressing cyber threats to the supply chain of the National Industrial Base.
  • Support for the development of the U.S. Trust Mark Initiative, a voluntary cybersecurity labeling program for Internet of Things (IoT) devices and products, to leverage market forces to drive cybersecurity in IoT.
  • Funding and implementation of the Modernizing Government Technology Act that focuses on driving down cybersecurity risk. Agencies must report on existing networks that cannot be fixed and must be replaced.
  • Continued adherence to the Cybersecurity Information Sharing Act of 2015, which facilitates a risk-based strategy by promoting the sharing of actionable cyberthreat information from government to industry, from industry to government, and among private companies.
  • The U.S. government should promote greater sharing of cyberthreat information with the private sector in a timely, straightforward, and actionable manner, and ensure government agencies are funded and staffed with the necessary resources to efficiently manage the collection of data. The federal government should track and publish its own performance metrics, including the amount of time that elapses from (1) breach-to-detection, (2) detection-to-response, and (3) detection-to-sharing of the cyberthreat indicators.
  • Appropriate liability protections when participating in government cybersecurity sharing programs.
  • Regulators should be cognizant of sector-specific risks and build off of existing successful sector-specific regulations.
  • Government efforts to develop norms that support an open, secure, stable, accessible, and peaceful cyberspace. Cyberattacks by state and non-state actors threaten international and national security, democratic processes, the global economy, the free flow of ideas and information, and the safety, security, and privacy of individuals.
  • An increase in attention for cybersecurity in international forums, including the G20, and increased U.S. Government engagement in international bodies, such as the UNECE World Forum for the Harmonization of Vehicle Regulations (WP.29).
  • No federal government mandates on the design of products and services. The federal government should be particularly careful to avoid requirements that could weaken the security of technology used to protect sensitive personal information and critical systems.
  • Cybersecurity efforts at the federal and state levels to protect the integrity of election systems and related information technology infrastructure.
  • A renewed focus on enhancing attribution and bringing cyber criminals to justice.
  • Education, workforce, and immigration policies and initiatives that help the U.S. develop and retain the world’s best cyber workforce.
  • Additional funding for states to procure consolidated cybersecurity services on behalf of local entities to thwart the increasing ransomware attacks against our local government systems and school districts — because cybersecurity efforts at the district and county level will never scale to enable a reasonable defense in this threat environment.
  • The continuation and further development of Information Sharing and Analysis Centers (ISACs) that provide critical infrastructure owners and operators a forum to detect, share, and analyze cyber threat information.
  • Congress should act:
    • Federal legislation is needed to provide harmonized and consistent standards throughout the U.S. to set cybersecurity guidelines and security expectations. Federal legislation should be tech- and sector-neutral and apply to online and offline entities alike that collect and process personal information.
    • Congress and other federal and state government entities must be collaborative partners in advancing the protection of consumers and the furtherance of innovation in the 21st-century data-driven economy.
    • Congress and the Administration should consider and incorporate certain national and international frameworks, with a particular focus on interoperability and secure data flows, as they develop a framework for baseline legislation.
  • Additional funding for federal and state agencies to invest in educational programs, tools, and other resources that help U.S. small businesses better protect themselves from the increasing number of cyberattacks.