EDUCAUSE Comments: NTIA Multi-Stakeholder Process for Cybersecurity Engagement

Abstract

The National Telecommunications and Information Administration (NTIA) released a request-for-comments (RFC) in Spring 2015 on behalf of the U.S. Department of Commerce’s multi-agency Internet Policy Task Force (IPTF). Entitled Stakeholder Engagement on Cybersecurity in the Digital Ecosystem, the RFC (http://www.ntia.doc.gov/federal-register-notice/2015/rfc-stakeholder-engagement-cybersecurity-digital-ecosystem) asked respondents to provide input on a range of cybersecurity issues that might benefit from multi-stakeholder collaboration. The RFC noted IPTF’s particular interest in having organizations not under the federal government’s “critical infrastructure” designation, which would include higher education, participate.

Working with our Higher Education Information Security Council (HEISC), EDUCAUSE submitted comments urging IPTF to tap the knowledge and expertise of the HEISC community in any multi-stakeholder effort it might pursue. The comments cited the Information Security Guide (http://www.educause.edu/security/guide) developed and maintained by HEISC as both an example of that expertise and a set of key focus areas from which an IPTF process might draw. In addition, EDUCAUSE suggested that IPTF consider HEISC’s “Top 3 Strategic Information Security Issues,” released in January 2015, as providing good starting points for its possible cybersecurity engagement (http://www.educause.edu/ero/article/top-3-strategic-information-security-issues).