There has been a lot of focus in the press (even Dale Peterson got into discussing it on DigitalBond) about the White House announcement earlier this week about the incentives that are being considered by the Administration to encourage high-risk critical infrastructure organizations to implement the Cybersecurity Framework (which is still under development).
Most of those folks have been concentrating on the blog post from Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, over at the WhiteHouse.gov (and reposted at the DHS Blog site).
The decision making process is far from over on what incentives will actually be proposed (many will have to go to Congress for implementation) especially since the Framework still has so far to go (the next Workshop is going to be working on the next to final draft of the preliminary version of the Framework that will be published in October). What the Administration presented this week was the initial analysis of what incentives could be considered and a look at the strong and weak points of each of the major contenders.
The meat of the proposal was linked to in Michael’s blog post, but the links were not real obvious, and there were multiple links to go through in some cases to get to the actual information. So here is a full listing of the links to the documents that the President’s staff will be considering in developing the President’s plan to move the Cybersecurity Framework into full implementation.
• NTIA Summary Report; and
Michael does a pretty good job summarizing the data. He breaks the incentives down into eight general categories:
• Cybersecurity Insurance;
• Liability Limitation;
• Streamline Regulations;
• Public Recognition;
• Rate Recovery for Price Regulated Industries;
• Cybersecurity Research.
I’ll take a little bit closer look at each of these in the coming weeks.