Republicans call for voluntary cybersecurity incentives

Companies that embrace security standards could get tax breaks or protection from lawsuits, a new report says

The U.S. Congress should focus on voluntary incentives, instead of new regulations, as a way to encourage companies to improve their cybersecurity efforts, although some changes in current laws are needed, a group of Republican lawmakers said in a report released Wednesday.

Incentives from the government could include tax breaks, regulatory relief and protection against lawsuits for companies that embrace cybersecurity standards, said the report, by the U.S. House of Representatives Republican Cybersecurity Task Force.

Cybersecurity experts have told task force members that companies may need a nudge to improve their cybersecurity efforts, but the task force members questioned the need for new regulations, except in limited areas.

"We are generally skeptical of direct regulation and of government agencies grading the security of a private company, which is another form of regulation," the report said. "Threats and practices change so quickly that government-imposed standards cannot keep up. Regulations can add to costs that ultimately come out of consumers' pockets."

The task force, led by Representative Mac Thornberry of Texas, did recommend that Congress "investigate the possibility" of requiring companies to report significant cyberattacks and vulnerabilities as a way to improve law enforcement response.

Congress needs to take cybersecurity seriously, even though it's "not at the top of the public's expressed priorities," the report said. There are weekly news reports of successful cyberattacks, the lawmakers said.

"It is not just national security information that is being stolen from databases in the U.S.," the report said. "All kinds of intellectual property are targeted. Information stolen from U.S. databases equals jobs stolen from the U.S. economy. There are many stories of a small business developing a new product, being hacked, and finding copies of its new product flooding the market at cut-rate prices from China within a few months. We must take steps to protect American ideas."

Thieves are increasingly targeting small businesses, the reports said. "America is under attack," Representative Jason Chaffetz, a task force member from Utah, said in statement. "As a nation we must do a better job of identifying, preventing, and proactively engaging those who would do us harm."

The task force recommended that Congress update the Federal Information Security Management Act (FISMA), from a "checklist exercise" for federal agencies to an effort focused more on automated monitoring of IT systems.

Congress should also expand the definitions in the Computer Fraud and Abuse Act to outlaw more types of computer activity, including the creation of malware, and it should expand the Racketeer Influenced and Corrupt Organizations (RICO) law to include computer fraud within the definition of racketeering, the task force said.

Lawmakers should also make it a crime for a company to intentionally fail to provide required notices of a security breach involving sensitive personally identifiable information, the task force recommended.

Congress should also help create an organization outside of government that can serve as a clearinghouse for information about attacks and vulnerabilities shared among the government and private companies, including Internet service providers and security vendors, the report said. An outside organization would alleviate concerns about government agencies monitoring private networks, the report said.

"These recommendations provide sound, concrete steps to help strengthen our cybersecurity now, while also highlighting issues that need more work," Thornberry said in a statement. "Starting with incentives, information sharing, and updating some key laws can lead to real progress rather than more gridlock like we have seen with larger proposals."

President Barack Obama's administration released its own list of cybersecurity recommendations in May. The Obama plan calls for a national breach notification law, stronger penalties for cybercriminals, and a stronger cybersecurity role for the U.S. Department of Homeland Security.

Several tech groups praised the report.

The task force's recommendations will "result in immediate and positive improvements in our nation's cybersecurity by promoting the adoption of proven cybersecurity practices, standards and technologies," said Larry Clinton, president of the Internet Security Alliance, a group that has championed several similar cybersecurity recommendations.

The House report is the "most detailed and pragmatic public policy blueprint on cybersecurity any government entity has produced," Clinton said in a statement.

Representative Jim Langevin, a Rhode Island Democrat who has focused on cybersecurity issues, also applauded the Republican report and their focus on cybersecurity legislation. Langevin suggested, however, that some new regulations may be needed.

"In some areas of our critical infrastructure, it is clear that the current market is not achieving the security gains we need to address current vulnerabilities and future threats," he said in a statement. "This will require government involvement beyond incentives and voluntary minimum standards."

House Speaker John Boehner of Ohio and Majority Leader Eric Cantor of Virginia created the task force in June.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is

Join the PC World newsletter!

Error: Please check your email address.

Tags regulationJohn BoehnerU.S. Department of Homeland SecurityJason ChaffetzlegislationJim LangevinMac ThornberrygovernmentBarack ObamaInternet Security AllianceLarry ClintonU.S. House of RepresentativessecurityEric Cantor

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?