As the world grows increasingly interconnected, and the cyber threat landscape becomes more pernicious and sophisticated, the information and communication technology (ICT) industry is working to foster a resilient cybersecurity environment through communication and information sharing across industry, government, and international boundaries; developing flexible risk management tools that allow organizations to respond and adapt quickly when attacks occur; and advancing and enabling good cyber hygiene practices from the factory floor to the hands of the user.
TIA supports policies including:
- Promoting a safe cyber environment: Advances in technology can provide unforeseeable benefits to our quality of life, but maintaining the trust and security of information and systems is critical when promoting the use of these technologies. Industry and government must collaborate to secure the cyber ecosystem in order to ensure the safety of consumers’ data.
- Industry-driven, dynamic, flexible risk management: Rigid regulatory requirements cannot keep pace with rapidly evolving technologies and threats and require industry to comply with obsolete security requirements rather than addressing real-time threats, effectively making systems less secure. Policymakers should continue to pursue multistakeholder efforts that develop common understanding of cyber risk management, promote best practices, and provide sufficient resources to address current and emerging threats.
- A collaborative, grassroots approach for ecosystem threats: Good cyber hygiene requires security by design and intentionality regarding what gets connected and what does not. But given that nearly all devices and systems will at some point be compromised, policymakers and enterprises must operate from a risk-based mindset rather than worst-case scenario while balancing good cyber hygiene with the ability to mitigate damage after attacks occur.
- Broad consumer and industry education on cybersecurity best practices: Cyber resilience requires collective effort at every level of the ecosystem including a common understanding of best practices and the ability to communicate across industries and degrees of expertise.
- Affordability and feasibility for small businesses: Policymakers should avoid creating regulatory barriers to small businesses and new entrants participating in the IoT ecosystem so that all size players can participate.
- Prioritizing federal research funding for ICT cybersecurity research and development: The advent of distributed trust technologies and developments in quantum computing have let to systems on the verge of major change. To remain competitive in international markets and defend against foreign adversaries, the United States must invest in and encourage investment in cutting-edge ICT research.