President Barack Obama's administration has drafted a potential recipe for sweetening its voluntary corporate cybersecurity program. The program is under development at the White House and is aimed at utility companies and other businesses that are key to U.S. infrastructure.
The White House on Tuesday revealed possible incentives it may use to bring critical infrastructure companies into the program, which would encourage the development of capabilities to mitigate cyber risk. The potential enticements include cybersecurity insurance through agencies, reduced tort liability, easier access to federal grants and technical assistance, public recognition, and utility rate adjustments to help offset cybersecurity investments.
"Over the next few months, agencies will examine these options in detail to determine which ones to adopt and how, based substantially on input from critical infrastructure stakeholders," Michael Daniel, the White House's top cybersecurity adviser, wrote in a blog post announcing the incentives. "We believe that sharing the findings and our plans for continued work will promote transparency and sustain a public conversation about the recommendations. Publishing these agency reports is therefore an interim step and does not indicate the Administration’s final policy position on the recommend actions."