White House Plans Cybersecurity Incentives for US Businesses

Add Your Comments

Incentives to encourage companies to adopt the US Cybersecurity Framework were introduced in a White House blog post on Tuesday.

An Executive Order signed in February by President Barrack Obama set forth the goals of the framework and the accompanying Voluntary Adoption Program. The framework is a set of best practices which are well established and widely known, but which have not been universally adopted.

“While the set of core practices have been known for years, barriers to adoption exist, such as the challenge of clearly identifying the benefits of making certain cybersecurity investments,” Special Assistant to the President and cybersecurity coordinator Michael Daniel said in a blog post outlining progress on the incentive program.

Reports issued by the Departments of Homeland Security, Commerce, and Treasury provide recommendations for incentivizing critical infrastructure stakeholders. The recommendations amount to eight areas where incentives can be established to support adoption of the Cybersecurity Framework.

The incentives will likely change, even from the broad outlines given in the blog post, as the program is developed. Some of the recommendations promote further gathering of information on suggested incentives to see if they will indeed encourage companies to adopt the framework. Some could only be offered after additional legislation is passed. For example, limiting the liability of infrastructure companies could be among the incentives adopted, but it would first require both new law and indications that it would be effective.

These determinations will be made partly based on input from industry, according to Daniel.

“Over the next few months, agencies will examine these options in detail to determine which ones to adopt and how, based substantially on input from critical infrastructure stakeholders,” Daniel said.

Other actions recommended include measures to direct federal grants, prioritize provision of government services like technical assistance, and to “foster a competitive cyber insurance market.”

While media attention has largely focused on the new market for network security insurance, networking and technical services companies are major stakeholders in the final shape of the government incentives.

The blog post explicitly mentions existing commercial implementation solutions, which companies may be able to purchase with federal grant monies when the framework is released in February 2014.  Regardless of what incentives are chosen, if they are effective then the market for network security providers will grow to include many more utilities and critical infrastructure customers.

Add Your Comments

  • (will not be published)