White House outlines possible incentives for cybersecurity framework

White House outlines possible incentives for cybersecurity framework

Summary: Most of the suggested incentives are based upon "known practices that many firms already do, in part or across the enterprise and across a wide range of sectors."


The White House has published a new list of incentives designed to foster adoption for a national cybersecurity framework.

See also: White House nominates venture capitalist as new FCC chairman | White House takes a stand on tech patent wars with several recommendations

The framework follows up an Executive Order signed by President Obama earlier this year for increasing and improving the management of cyber risk.

Thus, the list of incentives are being spun around three primary topics: information sharing, privacy, and adoption of cybersecurity practices.

Some of the incentives being touted range from rather basic concepts such as federal grants and public recognition for adopting the framework to more specific offerings around risk-based insurance pricing and working with utility companies on rates and cybersecurity investments.

Michael Daniel, special assistant to the President and cybersecurity coordinator, clarified in a blog post on Tuesday that these recommendations are simply that still -- recommendations. The suggested incentives are not official Administration policy.

That said, Daniel also noted that these are based upon "known practices that many firms already do, in part or across the enterprise and across a wide range of sectors."

The recommendations were developed in a relatively short time frame and with the understanding that the Cybersecurity Framework and Voluntary Program are still under development. Yet, they incorporate significant feedback from many of our stakeholders, including the critical infrastructure community, through the DHS-led existing public-private partnerships with critical infrastructure, and a Notice of Inquiry issued by the Commerce Department. Although each agency prepared separate reports, these reports are complementary. Taken as a whole, the reports point to eight areas where the agencies recommend action to establish incentives to support voluntary adoption of the Cybersecurity Framework.

Without naming names, Daniel stipulated that the Obama Administration is working with "critical infrastructure owners and operators" in brainstorming and drafting the project.

The Departments of Homeland Security, Commerce, and Treasury have also provided the White House with their recommendations for incentives and the final framework.

A draft of the framework is scheduled to be ready by October, followed by the final release promised for next February. At that point, the White House will be launching a voluntary program for encouraging infrastructure providers to adopt the recommended framework.

The full list of possible incentives are available on the official White House blog now.

Topics: Security, Government US, Privacy, Tech Industry

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Everyone should oppose these

    Simply because the White House thinks it's a good idea.
    Because if they think it's good; they're doing it for their own power and enrichment, and NOT for your protection.
  • We don't need the White House to "incentivize" us ...

    If it's such a good idea, companies will be undertaking to implement (and develop) best practices in cybersecurity out of their own best interests. They won't need (or wait for) a government outline or incentive.

    We don't need government to hamstring innovation by trying to decide and outline processes and practices.

    The government needs to implement best practices on itself, which it only can learn from private sector innovation. It can't even provide security for social security numbers or medical records. What makes anyone think they know what's best for the rest of us?

    Frankly, government is too slow and will never be able to keep up with changes in the area of cybersecurity. Government interference or "incentives" will only inhibit the process and expose even more people to risk.
  • White House security initiatives?

    After the security fiasco revealed by the actions of Bradley Manning how dare the White House suggest it has anything to offer regarding cyber-security.
    If any commercial enterprise had been guilty of such stupidity it would have become a laughing stock & certainly we would have heard of mass firings.
    You never know from whence cometh the challenge!