First look at cybersecurity incentive ideas, companion to NIST's Framework efforts
By: SGN Staff
By Andy Bochman
I'll oversimplify this to keep it short, but the President kicked all of this off earlier this year in the wake of failed cyber security legislation efforts in 2010 (GRID Act) and 2012 (Cybersecurity Act of 2012).
The two primary vectors on this project have included:
1. Having NIST lead the charge to develop a new cybersecurity framework (i.e., pattern, roadmap, guidance) made up of references to existing guidance that seems to work well. On Twitter, this effort is tagged #NISTCSF.
2. A parallel initiative to develop incentives that might improve the business case for being more proactive on cybersecurity.
The incentive categories were just made public, and so far include:
· Cybersecurity Insurance
· Process Preference
· Liability Limitation
· Streamline Regulations
· Public Recognition
· Rate Recovery
· Cybersecurity Research
Liability and insurance are going to be the thorniest. And rate recovery help, if workable, sounds promising.
You can read The Hill's coverage and the original White House text via URLs below, as well as check out the current status and next activities related to the framework.
Andy Bochman is Principal at Bochman Advisors LLC, which focuses on increasing cybersecurity awareness in utilities and the Federal and State organizations that regulate them. A contributor to industry and national security working groups on energy security and cyber security, Andy lives in Boston, is an active member of the MIT Energy Club, and is the founder of the Smart Grid Security and DOD Energy Blogs.