As part of the Executive Order  signed by President Obama last month directing agencies to use their existing authorities and work with the private sector to better protect our nation’s power, water, and other critical systems, the Commerce Department is preparing a report on ways to incentivize companies and organizations to improve their cybersecurity.  To better understand what stakeholders –  such as companies, trade associations, academics and others – believe would best serve as incentives, the Department has released a series of questions to gather  public comments in a Notice of Inquiry published today.

The national and economic security of the United States depends on the strength of our nation’s critical infrastructure. The cyber threat to critical infrastructure is growing, and represents one of the most serious national security challenges that the United States must confront. As the President stated in the Executive Order, “repeated cyber intrusions into America’s critical infrastructure demonstrate a need for improved cybersecurity.”

As a first step toward protecting critical infrastructure, the Executive Order tasks the Department of Homeland Security (DHS) to identify the systems that could be affected by a cybersecurity incident which could in catastrophic regional or national effects on public health or safety, economic security, or national security.  Second, the National Institute of Standards and Technology (NIST) will develop a framework consisting of a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks. This Cybersecurity Framework will provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach to improving cybersecurity, which will help owners and operators of critical infrastructure identify, assess and mange cyber risk. Third, DHS will work with sector-specific agencies to develop the Critical Infrastructure Cybersecurity Program to promote voluntary adoption of the Framework.

Today, President Obama declared March 4-10, 2012 as National Consumer Protection Week, building on a coordinated effort that encourages consumers nationwide to take full advantage of their consumer rights and make better-informed decisions. The Commerce Department is using this occasion to showcase the efforts of our Internet Policy Task Force, which is leveraging the expertise of several Commerce bureaus that are aimed at ensuring continued innovation in the Internet economy and preserving consumer trust in Internet commerce and online interactions. In particular, the Task Force continues to move forward in our work to promote new efforts that will lead to improved Internet privacy protection and better security for consumers online.

 In February, the Obama administration unveiled a “Consumer Privacy Bill of Rights” as part of a comprehensive blueprint to improve consumers’ privacy protections and ensure that the Internet remains an engine for innovation and economic growth. The president’s report called on the Commerce Department’s NTIA to begin convening companies, privacy advocates and other stakeholders to develop and implement enforceable privacy policies based on the Consumer Privacy Bill of Rights.

NTIA is now moving forward and seeking public input on what issues should be addressed through the privacy multistakeholder process and how to structure these discussions so they are open, transparent, and most productive. Today, NTIA issued a formal request for comment (PDF). The comment period will remain open until March 26, 2012.

As NTIA Administrator Lawrence Strickling illustrated last week, we hope to receive meaningful suggestions and input from a range privacy stakeholders.  Their continued involvement will be key for the future of consumer protection and we need your help to make it a success.

The report, “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy,” (PDF) resulted from a comprehensive review of Internet privacy policy and innovation in the Internet economy lead by the Commerce Department’s Internet Policy Task Force.

Guest blog post by Simon Szykman, Chief Information Officer, U.S. Department of Commerce

You missed it! The Department of Commerce's Office of the Chief Information Officer (OCIO) hosted its inaugural Innovating Security Conference to increase knowledge and awareness of various initiatives, exchange information and ideas, and engage in discussions on ways to further protect and strengthen the security posture of the department’s information systems. Facing security threats that are evolving and growing in sophistication, while at the same time anticipating a constrained outlook for the future due to budget pressures, it is imperative for organizations across the department to pursue improvements in both efficiency and effectiveness by examining operations, collaborating on common objectives, improving information sharing, and identifying opportunities to leverage one another’s independent activities.

The two-day conference is one means of moving toward a higher level of efficiency and effectiveness by emphasizing internal collaborations and open dialogue. The conference included participation and invited speakers from Commerce, as well as from other federal agencies and the private sector, in order to leverage their best practices, lessons learned and knowledge in areas related to information system security. In addition to keynote and panel sessions, service offerings of Commerce internal service providers as well as industry vendors were highlighted during the event.

Guest blog post by Leslie Harris, President and CEO of the Center for Democracy & Technology.

Today the Administration released an ambitious, long-term strategy document called the National Strategy for Trusted Identities in Cyberspace (NSTIC). The Strategy puts forth a vision where individuals can choose to use a smaller number of secure, privacy-preserving, and convenient online identities. This would be a shift away from today’s norm of numerous usernames, passwords, and online accounts scattered across the Web.

Importantly, the Administration has turned to the private sector to make this vision a reality. The Strategy is not a national ID program—in fact, it’s not an ID “program” at all. It is a call for leadership and innovation from private companies. The government’s role must now be to advocate for its citizens and to support the development of a fair and useful system.

Why should the American people care about a “strategy” for Internet identity?

First, a growing number of our Internet transactions require an identity. We’re continually prompted to create new accounts to participate in online social networking, shopping, banking, and forums. Most of us have no idea how our identifying information will be used or shared. It certainly doesn’t help that we have to offer a fresh set of information to every new service that comes along. Without a new approach, this trend will continue. We deserve better control over our identity and stronger assurances that it will not be misused. Innovation isn’t slowing down; we have to catch up.