Commerce Seeks Input on Incentives For Industry in Cybersecurity Framework

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

The Department of Commerce is seeking comment on how best to create incentives to encourage private-sector companies to participate in the government's still-developing cybersecurity framework of voluntary standards and best practices, according to a notice of inquiry published March 28 in the Federal Register (78 Fed. Reg. 18954, 3/28/13).

An executive order issued by President Obama Feb. 12 directed the National Institute of Standards and Technology to develop voluntary cybersecurity standards for the nation's critical infrastructure, in collaboration with industry and other stakeholders (12 PVLR 257, 2/18/13).

On Feb. 26 NIST solicited public comments on its task of developing the new cybersecurity framework (12 PVLR 372, 3/4/13).

The order charged the Department of Homeland Security with coordinating a program to promote the NIST standards and to identify incentives for adoption, and it directed the Secretary of Commerce to evaluate the set of incentives.

Commerce posed a series of questions in the notice of inquiry, such as:

• how do businesses currently measure success and the cost-effectiveness of their cybersecurity programs;

• are there public policies or private sector initiatives in the United States that have successfully increased incentives to make security investments, and conversely;

•  are there barriers that inhibit cybersecurity investments by companies; and

• do small businesses or multinational companies encounter specific investment challenges.


The notice also seeks comment on whether Obama's executive order changes which incentives will be necessary to maximize private-sector participation in the voluntary program.

Comments on the Commerce notice of inquiry are due April 29.

The notice of inquiry is available at

Request Bloomberg Law: Privacy & Data Security