Consistent with the earlier cybersecurity Executive Order, the Administration has been working on ways of incetivizing the private sector to adopt the Cybersecurity Framework under development by NIST. Earlier today, the White House announced the outlines of its incentives policy. It anticipates offering incentives in 8 separate areas:
- Cybersecurity Insurance
- Grants
- Process Preference
- Liability Limitation
- Streamline Regulations
- Public Recognition
- Rate Recovery for Price Regulated Industries
- Cybersecurity Research
The announcement is short on details, but long on ambition. And I have not yet found (much less read) the underlying reports. But if fully implemented to the maximum extent permitted by existing law, these types of changes would put a significant effort behind efforts to drive the public sector toward the NIST security model — all without the need for Congressional legislation.