Security alliance calls for financial incentives for cyber security

Published 19 November 2008

The Internet Security Alliance calls for the incoming Obama administration and Congress to give information technology companies financial incentives for improving cybersecurity defenses, including providing funding in research and development and shielding them from liability caused by cyberattacks.

A group representing information security companies said yesterday that the Obama administration, with support from Congress, should give information technology companies financial incentives for improving cybersecurity defenses, including providing funding in research and development and shielding them from liability caused by cyberattacks. Nextgov’s Jill Aitoro writes that the Internet Security Alliance said its report, “Cybersecurity Social Contract,” is a conceptual framework that provides recommendations to the incoming Obama administration and Congress for addressing cyber threats through a public-private partnership. The report calls on the government to “get its own house in order” by improving the network security of federal systems, to educate senior industry executives about the scope of cybersecurity requirements, and to create incentives for industry to invest in cybersecurity beyond what is currently incorporated in existing business plans.

“Consumer issues, [such as] spam, are being addressed,” said Larry Clinton, president of the alliance. “But to truly modernize the infrastructure, there needs to be greater investment [by industry]; and to get companies to invest, government has to make it in their best interest.”

He added, “This notion of pointing fingers back and forth is not going to get the job done, [nor is] just appointing a chief technology officer,” which Obama said during the campaign he would do if elected president. “To not understand the public interest in assisting industry affirmatively is a mistake.”

The report offers examples of how the government can provide incentives, including credits given to vendors in government contracts for investing internally in cybersecurity efforts and a requirement for companies awarded loans from the Small Business Administration to put a percentage of funds toward information security. The report also suggests that Congress and the Obama administration encourage insurance companies to offer benefits such as lower premiums to companies that meet certain cybersecurity standards.

Aitoro writes that the alliance also encourages Congress to establish safe harbor laws that protect companies from liability for financial loss or damage resulting from a cyberattack, if they can prove they followed appropriate cybersecurity processes. Also, award programs could be created to recognize companies for stellar cybersecurity programs and results. Companies could use the awards or designations to differentiate themselves from competitors. Government could fund a consortium of government, industry and academic organizations to encourage research, development and adoption of new security protocols.