White House Proposes Cybersecurity Insurance, Other Incentives For Executive Order

  /     /     /  
Publicated : 22/11/2024   Category : security


White House Proposes Cybersecurity Insurance, Other Incentives For Executive Order


Goal is to provide financial and other perks for participation in voluntary cybersecurity framework



A nagging question surrounding the Executive Order to beef up the security of the nations critical infrastructure has been how the Obama administration would incentivize organizations to adopt the voluntary framework and participate in threat information-sharing. The White House yesterday answered that, spelling out several proposed incentives on the table for those who adopt the upcoming cybersecurity practices that will be mapped out in a framework currently under development.
Michael Daniel, special assistant to the president and cybersecurity coordinator, said the White House gathered recommendations from the Departments of Homeland Security, Commerce, and Treasury, and came up with these proposed incentives: cybersecurity insurance, federal grants, preference in technical assistance, liability limitation, streamlining with existing regulations and laws, optional public recognition, rate recovery for price-regulated industries, and cybersecurity research for future security issues.
Over the next few months, agencies will examine these options in detail to determine which ones to adopt and how, based substantially on input from critical infrastructure stakeholders, Daniel said in a blog post, noting that this is preliminary report does not represent the final policy of the administration. We believe that sharing the findings and our plans for continued work will promote transparency and sustain a public conversation about the recommendations.
The goal is to provide organizations with some financial and other incentives to justify investing in new technologies and practices under the voluntary framework. Some of the recommended incentives can be put in place quickly under existing authorities after the Voluntary Program is established. Others would require legislative action and additional maturation of the Cybersecurity Framework and Voluntary Program, along with further analysis and dialogue between the Administration, Congress, and private sector stakeholders, he said. We are currently working with the appropriate agencies to prioritize each incentive area and move forward.
One of the more intriguing incentives, security experts say, is the one that brings the insurance industry into the equation. Daniel explained it as a way to build underwriting practices that promote the adoption of cyber risk-reducing measures and risk-based pricing and foster a competitive cyber insurance market. The Commerce Department’s National Institute of Standards and Technology is taking steps to engage the insurance industry in further discussion on the Framework, he said
in his blog post
.
[Michael Daniel says President Obamas Executive Order on Cybersecurity sets the stage for cybersecurity legislation for protecting critical infrastructure. See
White House Cybersecurity Czar: New Executive Order A Down Payment
.]
The National Institute of Standards and Technology (NIST) last month held its third workshop on crafting the cybersecurity framework. The voluntary framework is being hashed out by participating critical infrastructure operators and owners, security experts, and others under the leadership of NIST. Its scheduled to be published in draft form in October and finalized in February of 2014.
The framework thus far is centered around five security functions: know, prevent, detect, respond and recover, notes Stephen Cobb, security evangelist for Eset, which is participating in the NIST workshops to build the framework. Cobb recently
blogged about the July workshop
.
Meanwhile, incentives are key to getting organizations to adopt the framework, experts say. The Obama administrations outline of incentives is a major step there, they say.
I think its one of the most positive things to come out of the EO and actually creates some motivation for companies to think about the voluntary framework, says Mark Weatherford, principal with The Chertoff Group. The kind of incentives identified actually go farther than Ive seen in the past which is very good news.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
White House Proposes Cybersecurity Insurance, Other Incentives For Executive Order