White House outlines possible incentives for cybersecurity framework

Most of the suggested incentives are based upon "known practices that many firms already do, in part or across the enterprise and across a wide range of sectors."
Written by Rachel King, Contributor

The White House has published a new list of incentives designed to foster adoption for a national cybersecurity framework.

See also: White House nominates venture capitalist as new FCC chairman | White House takes a stand on tech patent wars with several recommendations

The framework follows up an Executive Order signed by President Obama earlier this year for increasing and improving the management of cyber risk.

Thus, the list of incentives are being spun around three primary topics: information sharing, privacy, and adoption of cybersecurity practices.

Some of the incentives being touted range from rather basic concepts such as federal grants and public recognition for adopting the framework to more specific offerings around risk-based insurance pricing and working with utility companies on rates and cybersecurity investments.

Michael Daniel, special assistant to the President and cybersecurity coordinator, clarified in a blog post on Tuesday that these recommendations are simply that still -- recommendations. The suggested incentives are not official Administration policy.

That said, Daniel also noted that these are based upon "known practices that many firms already do, in part or across the enterprise and across a wide range of sectors."

The recommendations were developed in a relatively short time frame and with the understanding that the Cybersecurity Framework and Voluntary Program are still under development. Yet, they incorporate significant feedback from many of our stakeholders, including the critical infrastructure community, through the DHS-led existing public-private partnerships with critical infrastructure, and a Notice of Inquiry issued by the Commerce Department. Although each agency prepared separate reports, these reports are complementary. Taken as a whole, the reports point to eight areas where the agencies recommend action to establish incentives to support voluntary adoption of the Cybersecurity Framework.

Without naming names, Daniel stipulated that the Obama Administration is working with "critical infrastructure owners and operators" in brainstorming and drafting the project.

The Departments of Homeland Security, Commerce, and Treasury have also provided the White House with their recommendations for incentives and the final framework.

A draft of the framework is scheduled to be ready by October, followed by the final release promised for next February. At that point, the White House will be launching a voluntary program for encouraging infrastructure providers to adopt the recommended framework.

The full list of possible incentives are available on the official White House blog now.

Editorial standards