BSA Cybersecurity Policy

About the Site

The world is more connected now than ever. Half the world’s population is now online, and billions of connected devices are connecting a wide variety of our daily activities to the Internet of Things. While these online connections bring opportunity, they also create risk, including large-scale data theft, privacy violations, phishing scams, ransomware, and malicious information operations that affect millions of people around the world each year.

Addressing this challenge to the digital economy, requires innovative cybersecurity practices and tools to defend the integrity, privacy, and utility of the Internet ecosystem. Although businesses, private citizens, and government agencies all share responsibility for enhancing cybersecurity, the government plays a singular role.

BSA Cybersecurity Agenda

Click the icons to expand the area.

To secure cyberspace against evolving threats and growing risk, BSA advocates a robust partnership between government and industry to:

Promote a Secure Software Ecosystem

Promote a secure software ecosystem by creating industry benchmarks, developing tools to understand critical information, and strengthening security research and vulnerability disclosure.

Establish an industry benchmark for software security

Support development of a set of widely recognized, industry-driven software development and management best practices to elevate cybersecurity practices

BSA TechPost: Tech Takes Security Into Its Own Hands April 17, 2018

Develop tools to communicate critical cybersecurity information to consumers and enterprise stakeholders

Establish widely used, market-driven tools for providing relevant cybersecurity information to consumers and enterprise stakeholders to inform purchasing decisions, network operation, and risk management

BSA Testimony Before House Financial Services Subcommittee on “Examining the Current Data Security and Breach Notification Regulatory Regime” February 14, 2018
BSA Letter on Federal Data Breach Notification Standard January 5, 2018

Strengthen identity management

Work to expand adoption of identity management technologies across public and private sector organizations, and to increase emphasis on identity management in cybersecurity policies and frameworks

Promote security research and vulnerability management

Strengthen investment in security research aligned to coordinated vulnerability disclosure programs, and ensure the policy environment is conducive to research that drives stronger cybersecurity.

Create a Stronger Government Approach to Cybersecurity

Strengthen government’s approach to cybersecurity by modernizing government IT, harmonizing federal cybersecurity regulations, and incentivizing adoption of the NIST framework

Modernize government IT

Invest in IT infrastructure for federal, state, and local governments with an eye toward cybersecurity, including through adoption of cloud computing, defense-in-depth, continuous monitoring, data analytics, and other innovative security technologies

BSA Comments on White House IT Modernization Plan September 20, 2017

Harmonize federal cybersecurity regulations

Review regulations and standards across sectors, identify redundancies and conflicts with the NIST Framework, and promote a consistent, cross-sector approach to federal cybersecurity policies

Improve cybersecurity in government acquisition

Incentivize cybersecurity by creating competition for cybersecurity performance in government acquisition processes

Strengthening Cybersecurity Through Value-Based IT Procurement February 15, 2018

Pursue international consensus for cybersecurity action by supporting international standards development as well as adopting and streamlining international security laws

Incentivize adoption of the NIST Framework

Develop tax, acquisition, and other incentives to encourage adoption of the NIST Framework

BSA Comments on Draft Update of the Framework for Improving Critical Infrastructure Cybersecurity January 19, 2018

Pursue International Consensus for Cybersecurity Action

Pursue international consensus for cybersecurity action by supporting international standards development as well as adopting and streamlining international security laws

Harmonize global cybersecurity laws to align security and economic growth

Support both cybersecurity and economic growth by promoting harmonization of laws and policies across countries to foster innovation, security advancements, free flows of data, and market access

Report: BSA International Cybersecurity Policy Framework April 25, 2018
Brief: The Wassenaar Arrangement December 7, 2015
BSA Comments on Wassenaar Arrangement 2013 Plenary Agreements Implementation: Intrusion and Surveillance Items July 20, 2015

Advance international cybersecurity norms

Encourage international dialogue and drive agreements on cybersecurity practices in bilateral and multilateral frameworks

Support international standards development and adoption

Support industry and non-governmental efforts to develop and update international standards. Encourage global adoption of international standards

Cybersecurity Threats Defy National Borders, so Countries Should Collaborate, Not Clam Up May 1, 2018

Develop a 21st Century Cybersecurity Workforce

Develop a 21st century cybersecurity workforce by increasing access to computer science education and opening new paths to cybersecurity careers

Increase access to computer science education

Expand cybersecurity education for K–12 as well as in undergraduate computer science programs, increase scholarships, and incentivize minority students

Innovation, Competitiveness, Opportunity: A Policy Agenda to Build Tomorrow’s Workforce May 2, 2018
BSA Letter on National Defense Authorization Act Priorities October 7, 2017
BSA Comments on NIST Workforce Development August 4, 2017

Promote alternative paths to cybersecurity careers

Launch careers through apprenticeship programs, community colleges, cybersecurity “boot camps,” and government or military service

Innovation, Competitiveness, Opportunity: A Policy Agenda to Build Tomorrow’s Workforce May 2, 2018
BSA Comments on NIST Workforce Development August 4, 2017

Modernize training for mid-career professionals

Reform Trade Adjustment Assistance, and update other mid-career re-training programs, to provide American workers with high-demand cybersecurity and IT skills as digitalization transforms the global economy

Innovation, Competitiveness, Opportunity: A Policy Agenda to Build Tomorrow’s Workforce May 2, 2018
BSA Comments on NIST Workforce Development August 4, 2017

Improve the exchange of cybersecurity professionals between the government and private sector

Enable private sector experts to join the government for periodic or short-term assignments

Advance Cybersecurity Through Digital Transformation

Advance cybersecurity by embracing digital transformation, leveraging the potential of emerging technologies and forging innovative partnerships to combat emerging risks

Leverage emerging technologies to enhance security

Target investments and constructive policies to capitalize on the tremendous potential of artificial intelligence, quantum computing, blockchain, and other emerging technologies to enhance security

Primer: Understanding AI December 14, 2017

Help Smart Cities stay cyber resilient

Provide planning support, threat information, and incident response support to municipal planners and managers to enhance the resilience of Smart Cities against cyber threats