The principles and report can be found here.
- Public-private frameworks are essential to successfully protect United States assets, infrastructure, and economic interests from cybersecurity attacks.
- Robust information sharing and collaboration between government agencies and private industry are necessary to manage global cyber threats.
- Legal and policy environments must be modernized to stay ahead of or, at a minimum, keep pace with technological advancements.
- Privacy and civil liberties must remain a priority when developing cybersecurity law and policy.
- Training, education, and workforce development of government and corporate senior leadership, technical operators, and lawyers require adequate investment and resourcing to be successful.
The report contains commentary and background.
Daniel McGraw had these five criticism of the principles and commentary:
- The draft describes privacy and civil liberties as “a priority”. To my mind, that vastly understates the importance of both. The potential for government and private-sector mischief (and worse) is palpable in this area.
- Similarly, the draft does not mention international human rights, which may play out differently than civil liberties regarding cybersecurity and which are relevant in part because these activities will not be solely domestic in scope or reach, I imagine.
- Because this effort will inevitably involve international cooperation, some mention of the concepts and processes that should apply with respect to international efforts would seem called for.
- The draft does not mention any aspect of civil society other than private industry. Surely President Eisenhower is sitting up in his grave. Moreover, even if it were decided to restrict participation in these decisions and processes solely to government and industry, other parts of society would not acquiesce and seek involvement, so it would make sense to acknowledge that potential involvement and think about what form it can best take now.
- The draft does not mention the need for judicial oversight or overall accountability for abuses, etc. This is remarkable, particularly coming from a law organization and even more particularly coming from the ABA.