Incentives for Cybersecurity

Paul Rosenzweig
Tuesday, August 6, 2013, 2:02 PM
Consistent with the earlier cybersecurity Executive Order, the Administration has been working on ways of incetivizing the private sector to adopt the Cybersecurity Framework under development by NIST.  Earlier today, the White House announced the outlines of its incentives policy.  It anticipates offering incentives in 8 separate areas:
  • Cybersecurity Insurance 
  • Grants
  • Process Preference

Published by The Lawfare Institute
in Cooperation With
Brookings

Consistent with the earlier cybersecurity Executive Order, the Administration has been working on ways of incetivizing the private sector to adopt the Cybersecurity Framework under development by NIST.  Earlier today, the White House announced the outlines of its incentives policy.  It anticipates offering incentives in 8 separate areas:
  • Cybersecurity Insurance 
  • Grants
  • Process Preference
  • Liability Limitation
  • Streamline Regulations
  • Public Recognition
  • Rate Recovery for Price Regulated Industries
  • Cybersecurity Research
The announcement is short on details, but long on ambition.   And I have not yet found (much less read) the underlying  reports.  But if fully implemented to the maximum extent permitted by existing law, these types of changes would put a significant effort behind efforts to drive the public sector toward the NIST security model -- all without the need for Congressional legislation.

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.

Subscribe to Lawfare