Global technology groups release common cybersecurity goals

Three international technology associations released a joint statement (.pdf) June 21 laying out a common set of principles for governments' cybersecurity policies.

DIGITALEUROPE, the Japan Electronics and Information Technology Industries Association and the Information Technology Industry Council say cybersecurity policies under consideration by governments should be developed in a collaborative way, in order to better ensure coordinated protection against cyber threats.

Among the 12 principles laid out by the groups is the notion that cybersecurity policies should not dictate procurement restrictions based on country of origin of technology vendors.

"Product security is a function of how a product is made, used, and maintained, not by whom or where it is made," says the document.

The groups say cybersecurity requirements should also avoid forced transfer or review of source code and other intellectual property. The principles also note that cybersecurity requirements may be more stringent when it comes to government intelligence and military networks, but recommend against extending such "prescriptive requirements" to other areas of government and commercial companies or infrastructure

The groups urged governments to develop cyber policies in a transparent and participatory manner. The shared principles also say policies should be able to adapt to market changes, and requirements should be technology-neutral.

The groups say cybersecurity policies should encourage the development of globally-recognized, "industry-led, voluntary consensus security standards best practices, assurance programs and conformity assessment schemes."

For more:
- download the joint statement (.pdf)

Related Articles:
Revised McCain cybersecurity bill still doesn't protect privacy, say critics
Spend less on cyber-defense and more on prosecution, says report
Senators urge action on cybersecurity bill