Date Published: January 5, 2018
Email Questions to:
Withdrawn: May 30, 2018
This draft report to the President was developed by the Departments of Commerce and Homeland Security (the Departments) in response to Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The Order directed the Secretary of Commerce, together with the Secretary of Homeland Security, to “lead an open and transparent process to identify and promote action by appropriate stakeholders” with the goal of “dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets).”
This draft reflects inputs received by the Departments from a broad range of experts and stakeholders, including private industry, academia, and civil society. The draft report lays out five complementary and mutually supportive goals intended to dramatically reduce the threat of automated, distributed attacks and improve the resilience of the ecosystem. For each goal, the report suggests supporting activities to be taken by both government and private sector actors.
The Departments invite comments by February 12, 2018 from all stakeholders regarding the issues and goals raised by the draft Report, as well as the proposed approach, current initiatives, and next steps. In particular, the Departments seek to identify additional actions to incentivize providers or users to prioritize cybersecurity. Following the completion of the public comment period, NIST will host a workshop to discuss unresolved comments and the way forward for the Report. Comments received are a part of the public record and will generally be posted without change; personal identifying information (for example, name, address) voluntarily submitted by the commenter may be publicly accessible. Please do not submit confidential business information or otherwise sensitive or protected information. The final report will be submitted to the President on or before May 11, 2018.
Keywords distributed threats; resilience; botnets; threats and vulnerabilities
Awareness and Training;
Security Assessment and Authorization;
System and Communications Protection;
System and Information Integrity;