As a part of a report approved by the National Security Telecommunications Advisory Committee, a White House advisory board is recommending the federal government create new economic incentive programs to prod critical infrastructure owners and operators to raise their cybersecurity standards, develop new liability protections around information sharing and simplify an increasingly complex national cyber regulatory regime. The report focused on why so many organizations that provide critical services to the nation often struggle to adopt best practices or invest sufficient resources into their cybersecurity operations.
According to CyberScoop, [The report] concluded that market forces alone are “insufficient” to incentivize privately owned entities to prioritize cybersecurity at the levels needed to protect national security.
The report also found that stakeholders in critical infrastructure are broadly unaware of the technical assistance and programs already offered by the federal government to help improve cybersecurity, and are facing increasingly complex compliance burdens as the Biden administration has sought to flex its regulatory powers to raise the cybersecurity bar in different sectors.
To address these obstacles, the committee recommended that the Office of the National Cyber Director work with industry to examine a range of new financial incentives, such as tax deductions and federal grants, to help close the cybersecurity investment gap. It also recommended that ONCD work with other federal agencies on a nationwide push to educate owners and operators about free federal services — like CISA’s Cyber Hygiene Service, the NSA’s Cyber Collaboration Center and NIST’s National Cybersecurity Center of Excellence — that aren’t being effectively utilized.