ISA Agriculture Sector Recommendations and the Presidential Commission on Enhancing National Cybersecurity

June 7, 2017

ISA Agriculture Sector Recommendations

Source: Chapter 11 of The Cybersecurity Social Contract: Implementing a Market-Based Model for Cybersecurity

Presidential Commission on Enhancing National Cybersecurity
Increase Awareness
“Neither branch of government gives food and agriculture cybersecurity the attention it demands. We’re certainly not calling for Congress or the executive branch to enact new regulations. But executive branch agencies charged with interacting with the sector should recognize cybersecurity for the priority issue it is. At the very least, the FDA and USDA should start educational programs promoting good cybersecurity practices among sector industries.” Commission Foundational Principle Six:

Effective cybersecurity depends on consumer and workforce awareness, education, and engagement in protecting their digital experience. This effort must be a continuous process and advance individuals’ understanding and capabilities as vital participants in shaping their own—and the nation’s—cybersecurity. Nevertheless, to the maximum extent possible, the burden for cybersecurity must ultimately be moved away from the end user—consumers, businesses, critical infrastructure, and others—to higher-level solutions that include greater threat deterrence, more secure products and protocols, and a safer Internet ecosystem.

Commission Action Item 3.1.2: Within the first 100 days of the new Administration, the White House should convene a summit of business, education, consumer, and government leaders at all levels to plan for the launch of a new national cybersecurity awareness and engagement campaign. (SHORT TERM)

Commission text: New initiatives should be undertaken at an even more ambitious scale aimed at reaching a larger audience and delivering a small number of clear and consistent messages on specific cybersecurity issues more frequently and across a wider variety of communications channels.

“As is the case with all sectors, increasing cybersecurity will cost money. In some sectors it may be comparatively easy to address the economics of cybersecurity, such as by building cost recovery into the rate base of a regulated industry. Finding the needed funding for cybersecurity in the agriculture and food industries may not be as simple.” Commission Foundational Principle 10: The right mix of incentives must be provided, with a heavy reliance on market forces and supportive government actions, to enhance cybersecurity. Incentives should always be preferred over regulation, which should be considered only when the risks to public safety and security are material and the market cannot adequately mitigate these risks.

Commission Action Item 1.4.5: The government should extend additional incentives to companies that have implemented cyber risk management principles and demonstrate collaborative engagement. (SHORT TERM)

Commission text: Incentives must play a more substantial role in building a cybersecure nation. To accomplish this goal, the next Administration and Congress should pass legislation that provides appropriate liability protections for businesses that engage in cyber risk mitigation practices that are consistent either with the Cybersecurity Framework or with common industry segment practices, and that engage in cyber collaboration with government and industry.