On March 28th, NIST and NTIA will publish a Federal Register notice opening an Inquiry into “Incentives to Adopt Improved Cybersecurity Practices.” An advance copy of the Notice is attached here. The Inquiry is in response to the President’s Directive to the Secretary of Commerce contained in Executive Order 13636, Improving Critical Infrastructure Cybersecurity. The Notice explaines that
The Executive Order recognizes that further incentives may be necessary to encourage sufficient private sector participation in the Program. To develop a clearer picture of existing and potential incentives, the Executive Order directs the Department of Commerce to recommend ways to promote participation in the Program. … Consistent with the Executive Order, these incentives may include technical and public policy measures that improve cybersecurity without creating barriers to innovation, economic growth, and the free flow of information. The Department of Commerce will submit its recommendations to the President through the Assistant to the President for Homeland Security and Counterterrorism and the Assistant to the President for Economic Affairs no later than June 12, 2013.
There is a 30 day comment period on the Notice. The incentives developed through this Inquiry have the potential to play a significant role in promoting voluntary compliance with the Cybersecurity Framework being developed by NIST. The incentives may also serve as a testbed and model for future federal regulatory and quasi-regulatory regimes.