Editor’s Note: Would not the proposal below cripple the American economy since it calls for all technology to be government designed and approved. Economic suicide as a cyber security strategy?
From: FCW | Comment
We need a governance system — to include enforcement, incentives and penalties — to ensure effective implementation of stronger security design practices.
By Trevor H. Rudolph
***
What I propose is that a new or existing federal agency be charged with governing, incentivizing and enforcing security design standards for technology products. Existing agencies that could play this role include the National Institute of Standards and Technology, the Federal Trade Commission or the Consumer Products Safety Commission, but expanding the authority of an existing agency can be difficult due to skill set and cultural barriers. An entirely new organization would be preferable.
Regardless, the proposed organization — call it the Consumer Technology Security Commission — would be responsible for:
- Coordinating the development of security design standards and partnering with Congress to mandate relevant standards;
- Building an accreditation and certification program; and
- Enforcing quality through regular testing by third-party assessors and conducting recalls, when appropriate.
Leave a Reply