Big hitter cyber firms launch new policy coalition

The Coalition for Cybersecurity Policy and Law aims to work with policymakers on complicated regulatory issues.

Seven major cybersecurity companies are forming an industry coalition that will seek to work closely with legislators and policymakers to shape the increasingly complex regulatory framework of Internet privacy and security.

Launched Thursday, the Coalition for Cybersecurity Policy and Law — comprised of Arbor Networks, Cisco, Intel, Microsoft, Oracle, Rapid7 and Symantec — is founded on three major principles: stimulating the cybersecurity market place; encouraging cybersecurity innovation; and catalyzing the widespread adoption of cybersecurity initiatives across organizations from small to large.

“The members of this Coalition are dedicated to building our nation’s public and private cybersecurity infrastructure, and their insight and engagement must play a vital role in the decisions being made by our government on cybersecurity policy,” Ari Schwartz, coordinator of the coalition and former White House special assistant to the president for Cybersecurity, said in a statement. 

“The range of digital threats we face has never been greater, including criminal syndicates and state-sponsored attacks, and this Coalition will serve as the voice of the industry as we work with policymakers to develop the most effective responses to those threats,” he said.


The move comes scarcely a week after the White House announced the formation of The Federal Privacy Council, an interagency group designed to exchange best practices within branches of government.

The coalition’s inaugural action was to submit a response to the National Institute of Standards and Technology’s request for information on the Framework for Improving Critical Infrastructure Cybersecurity. In the eight-page document, the coalition declares the framework a “success.”

“Three years after the issuance of Executive Order 13636, and two years after NIST’s publication of Version 1 of the Framework, it has emerged as a flexible, adaptive, and voluntary construct for the protection of critical infrastructure in the United States,” the statement reads. “Equally as important, in spite of its voluntary nature, the Framework has achieved a substantial degree of acceptance and adoption by critical infrastructure industries in the United States.”

The comments urged NIST to hold international feedback sessions and suggested ideas to hone the framework, including the establishment of more clearly delineated cybersecurity tiers.

“As the global digital economy and our reliance on technology both continue to grow and evolve, it will be increasingly important to develop robust and clear cybersecurity policy,” said Harley Geiger, director of public policy at Rapid7. “We believe the best path forward is through strong collaboration between the security community and policymakers.”

Latest Podcasts