Republicans call for voluntary cybersecurity incentives

Companies that embrace security standards could get tax breaks or protection from lawsuits, a new report says

The U.S. Congress should focus on voluntary incentives, instead of new regulations, as a way to encourage companies to improve their cybersecurity efforts, although some changes in current laws are needed, a group of Republican lawmakers said in a report released Wednesday.

Incentives from the government could include tax breaks, regulatory relief and protection against lawsuits for companies that embrace cybersecurity standards, said the report, by the U.S. House of Representatives Republican Cybersecurity Task Force.

Cybersecurity experts have told task force members that companies may need a nudge to improve their cybersecurity efforts, but the task force members questioned the need for new regulations, except in limited areas.

"We are generally skeptical of direct regulation and of government agencies grading the security of a private company, which is another form of regulation," the report said. "Threats and practices change so quickly that government-imposed standards cannot keep up. Regulations can add to costs that ultimately come out of consumers' pockets."

The task force, led by Representative Mac Thornberry of Texas, did recommend that Congress "investigate the possibility" of requiring companies to report significant cyberattacks and vulnerabilities as a way to improve law enforcement response.

Congress needs to take cybersecurity seriously, even though it's "not at the top of the public's expressed priorities," the report said. There are weekly news reports of successful cyberattacks, the lawmakers said.

"It is not just national security information that is being stolen from databases in the U.S.," the report said. "All kinds of intellectual property are targeted. Information stolen from U.S. databases equals jobs stolen from the U.S. economy. There are many stories of a small business developing a new product, being hacked, and finding copies of its new product flooding the market at cut-rate prices from China within a few months. We must take steps to protect American ideas."

Thieves are increasingly targeting small businesses, the reports said. "America is under attack," Representative Jason Chaffetz, a task force member from Utah, said in statement. "As a nation we must do a better job of identifying, preventing, and proactively engaging those who would do us harm."

The task force recommended that Congress update the Federal Information Security Management Act (FISMA), from a "checklist exercise" for federal agencies to an effort focused more on automated monitoring of IT systems.

Congress should also expand the definitions in the Computer Fraud and Abuse Act to outlaw more types of computer activity, including the creation of malware, and it should expand the Racketeer Influenced and Corrupt Organizations (RICO) law to include computer fraud within the definition of racketeering, the task force said.

Lawmakers should also make it a crime for a company to intentionally fail to provide required notices of a security breach involving sensitive personally identifiable information, the task force recommended.

Congress should also help create an organization outside of government that can serve as a clearinghouse for information about attacks and vulnerabilities shared among the government and private companies, including Internet service providers and security vendors, the report said. An outside organization would alleviate concerns about government agencies monitoring private networks, the report said.

"These recommendations provide sound, concrete steps to help strengthen our cybersecurity now, while also highlighting issues that need more work," Thornberry said in a statement. "Starting with incentives, information sharing, and updating some key laws can lead to real progress rather than more gridlock like we have seen with larger proposals."

President Barack Obama's administration released its own list of cybersecurity recommendations in May. The Obama plan calls for a national breach notification law, stronger penalties for cybercriminals, and a stronger cybersecurity role for the U.S. Department of Homeland Security.

Several tech groups praised the report.

The task force's recommendations will "result in immediate and positive improvements in our nation's cybersecurity by promoting the adoption of proven cybersecurity practices, standards and technologies," said Larry Clinton, president of the Internet Security Alliance, a group that has championed several similar cybersecurity recommendations.

The House report is the "most detailed and pragmatic public policy blueprint on cybersecurity any government entity has produced," Clinton said in a statement.

Representative Jim Langevin, a Rhode Island Democrat who has focused on cybersecurity issues, also applauded the Republican report and their focus on cybersecurity legislation. Langevin suggested, however, that some new regulations may be needed.

"In some areas of our critical infrastructure, it is clear that the current market is not achieving the security gains we need to address current vulnerabilities and future threats," he said in a statement. "This will require government involvement beyond incentives and voluntary minimum standards."

House Speaker John Boehner of Ohio and Majority Leader Eric Cantor of Virginia created the task force in June.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags regulationJohn BoehnerU.S. Department of Homeland SecurityJason ChaffetzlegislationJim LangevinMac ThornberrygovernmentBarack ObamaInternet Security AllianceLarry ClintonU.S. House of RepresentativessecurityEric Cantor

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?