1
2
Volume 2
Cybersecurity Coalition to
Address Critical Policy
Issues
A group of leading providers of cybersecurity products and
services today launched the Coalition for Cybersecurity
Policy and Law, a new organization that will focus on
education and collaboration with policymakers on the
increasingly complicated legislative and regulatory policies
related to cybersecurity. Founding members of the
Coalition include Arbor Networks, Cisco, Intel, Microsoft,
Oracle, Rapid7, and Symantec.
“The members of this Coalition are dedicated to building
our nation’s public and private cybersecurity infrastructure,
and their insight and engagement must play a vital role in
the decisions being made by our government on
cybersecurity policy,” said Ari Schwartz, Coordinator of the
Coalition and former White House Special Assistant to the
President for Cybersecurity. “The range of digital threats we
face has never been greater, including criminal syndicates
and state-sponsored attacks, and this Coalition will serve
as the voice of the industry as we work with policymakers
to develop the most effective responses to those threats.”
The mission of the Coalition is to bring together leading
companies to help policymakers develop consensus-driven
policy solutions that:
• Promote a vibrant and robust cybersecurity marketplace;
• Support the development and adoption of cybersecurity
innovations; and
• Encourage organizations of all sizes to take steps to
improve their cybersecurity.
Working at the intersection between government entities,
researchers, and vendors, the Coalition will speak on
behalf of the cybersecurity industry in Congress, federal
agencies, international standards bodies, industry selfregulatory programs, and other relevant policymaking
venues.
As an initial action, the Coalition submitted comments to
the National Institute of Standards and Technology (NIST)
in response to the agency’s Request for Information on the
Framework
for
Improving
Critical
Infrastructure
Cybersecurity.
The Coalition’s comments praised the Framework as “a
flexible, adaptive, and purely voluntary construct for the
protection of critical infrastructure in the United States” that
“has achieved a substantial degree of acceptance and
March 2016 Edition
adoption by critical infrastructure industries.” More
specifically, the Coalition’s comments:
Urged NIST to consider specific issues related to the
potential spin-off of governing responsibility to a third-party
non-profit;
• Suggested that NIST hold one or more feedback
meetings at an international location;
• Encouraged NIST to continue to develop more
complete standards for the authentication of
individuals and automated devices;
• Proposed a starting point for consideration of supply
chain vulnerabilities in the Framework; and
• Outlined concerns over the difficulty in distinguishing
between different Implementation Tiers in the
Framework.
The Coalition’s full comments can be found at
cybersecuritycoalition.org.
Ari Schwartz, Coordinator of the Coalition, is a former
member of the White House National Security Council,
serving as Special Assistant to the President and Senior
Director for Cybersecurity. In that role, he led the
successful White House rollout of the Cybersecurity
Framework. Prior to the White House, Schwartz served at
theDepartment of Commerce, where he led the
Department’s Internet Policy Task Force. He is currently
Managing Director of Cybersecurity Services for Venable
LLP.
Reactions from Founding Coalition Members
“Rapidly-evolving technology issues like cybersecurity
present a difficult challenge for policymakers as they try to
develop effective and balanced policies on issues that are
changing in real time,” said Matt Moynahan, President of
Arbor Networks. “Our companies are at the leading edge of
understanding and addressing these complicated
cybersecurity issues, and we believe we can offer
invaluable experience and insight to policymakers trying to
build consensus on how best to address both current and
future challenges.”
“Cisco technologies protect customers in the public and
private sector against dynamic cyber threats, giving us a
distinct perspective on the implications of government
policy,”said Michael Timmeny, Cisco’s Senior Vice
President for Government and Community Relations. “We
look forward to engaging government leaders to develop
smart policies that improve security and reflect business
realties.”
“There is a great need for an organization that can provide
practical solutions to cybersecurity policy problems,” said
David Hoffman, Director of Security Policy and Global
Privacy Officer at Intel Corporation. “The Coalition is ideally
situated to make a positive impact.”
“As the global digital economy and our reliance on
technology both continue to grow and evolve, it will be
increasingly important to develop robust and clear
cybersecurity policy,” said Harley Geiger, Director of Public
Policy at Rapid7. “We believe the best path forward is
through strong collaboration between the security
community and policymakers.”
“Symantec is pleased to be a founding member of the
Coalition for Cybersecurity Policy and Law, as it adds an
important new voice to the policy discussions around
cybersecurity,” said Cheri McGuire, Vice President of
Global Government Affairs and Cybersecurity Policy at
Symantec. “Security companies bring unique perspectives
on an array of cyber and privacy issues, and we look
forward to working with the Coalition to ensure that
policymakers benefit from our input.”
16