On March 13, the U.S. Department of Commerce’s Internet Policy Task Force (the IPTF or Task Force) published a request for comment (RFC) seeking public input on cybersecurity issues facing the digital economy. The ITPF is composed of the National Telecommunications and Information Administration (NTIA), the National Institute of Standards and Technology (NIST), the U.S. Patent and Trademark Office (USPTO), and the International Trade Administration (ITA).
Through the RFC, the IPTF is looking for cybersecurity issues that could best be addressed via a multi-stakeholder process involving Internet service providers, application developers, cloud and content providers, and a variety of other interested and relevant parties (including higher education). Such efforts would be geared towards promoting innovation and improving security and user trust in the digital economy. The RFC includes several suggested topics, such as the vulnerability disclosure process, web security, defensive measures against malware, and managed security services.
EDUCAUSE submitted comments to the Task Force on May 12, urging it to utilize the Higher Education Information Security Council (HEISC) as a primary resource for understanding the higher education community’s perspective on any initiatives pursued through the multi-stakeholder process. As an example of the Council’s knowledge and expertise, EDUCAUSE pointed to HEISC’s Information Security Guide: Effective Practices and Solutions for Higher Education, which is a comprehensive and evolving resource for colleges and universities to use when implementing cybersecurity policies and practices. EDUCAUSE noted that the guide would provide the Task Force with key indicators of higher education views on several questions raised in the RFC. In addition, the association highlighted a recently published EDUCAUSE article on the top three strategic information security issues in higher education as a source of topics that the IPTF might use in starting a multi-stakeholder process.