Cybersecurity Incentive Proposals Still Under White House Review, Official Says

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Alexei Alexis  


A series of Obama administration proposals on incentives that can be used to encourage industry adoption of cybersecurity best practices are still in the review stage, a White House official told BNA July 3.

The Department of Commerce and certain federal agencies were required to prepare reports with recommendations on the issue under an executive order signed by President Obama earlier this year.

“These reports are currently undergoing a review by the Office of Management and Budget,” White House spokeswoman Laura Lucas said. “Once that process concludes, we plan to share the analysis and recommendations.”

The president's order, which was issued Feb. 12, directed the Commerce Department's National Institute of Standards and Technology to lead the creation of a framework consisting of voluntary cybersecurity standards for the nation's critical infrastructure owners and operators (12 PVLR 257, 2/18/13).

The departments of Commerce, Homeland Security, and Treasury were each required within 120 days to provide the White House with recommendations on potential cybersecurity incentives and to explain whether any legislative action might be required.

In addition, regulatory agencies were charged with reviewing existing cybersecurity mandates to determine whether they are sufficient.

Industry Expresses Cautious Optimism

The U.S. Chamber of Commerce and other leading industry groups have responded to the initiative with cautious optimism.

“[T]he most important incentive that the administration and lawmakers could extend to companies is the assurance that the cybersecurity framework would remain collaborative, flexible, and innovative over the long term,” the Chamber told the Commerce Department in an April submission. “The Chamber believes that the presence of these qualities, or the lack thereof, would be a key determinant to participation by U.S. critical infrastructure in a federal cybersecurity regime.”

The Chamber said that it strongly supports legislation to remove legal hurdles that currently prevent the private sector and government from rapidly sharing cyberthreat information. The group also urged OMB to “rein in the inclination” of agencies and departments other than NIST, as well as sector-specific agencies, to become involved in the development and execution of the framework.

“In our view, the administration has a unique opportunity to collaborate--rather than flex its regulatory authority--with the private sector as components of the [executive order] are being developed and put into practice,” the Chamber said.

By Alexei Alexis  

The Chamber of Commerce submission is available at

Request Bloomberg Law: Privacy & Data Security