Republicans call for voluntary cybersecurity incentives

Companies that embrace security standards could get tax breaks or protection from lawsuits, a new report says

The U.S. Congress should focus on voluntary incentives, instead of new regulations, as a way to encourage companies to improve their cybersecurity efforts, although some changes in current laws are needed, a group of Republican lawmakers said in a report released Wednesday.

Incentives from the government could include tax breaks, regulatory relief and protection against lawsuits for companies that embrace cybersecurity standards, said the report, by the U.S. House of Representatives Republican Cybersecurity Task Force.

Cybersecurity experts have told task force members that companies may need a nudge to improve their cybersecurity efforts, but the task force members questioned the need for new regulations, except in limited areas.

"We are generally skeptical of direct regulation and of government agencies grading the security of a private company, which is another form of regulation," the report said. "Threats and practices change so quickly that government-imposed standards cannot keep up. Regulations can add to costs that ultimately come out of consumers' pockets."

The task force, led by Representative Mac Thornberry of Texas, did recommend that Congress "investigate the possibility" of requiring companies to report significant cyberattacks and vulnerabilities as a way to improve law enforcement response.

Congress needs to take cybersecurity seriously, even though it's "not at the top of the public's expressed priorities," the report said. There are weekly news reports of successful cyberattacks, the lawmakers said.

"It is not just national security information that is being stolen from databases in the U.S.," the report said. "All kinds of intellectual property are targeted. Information stolen from U.S. databases equals jobs stolen from the U.S. economy. There are many stories of a small business developing a new product, being hacked, and finding copies of its new product flooding the market at cut-rate prices from China within a few months. We must take steps to protect American ideas."

Thieves are increasingly targeting small businesses, the reports said. "America is under attack," Representative Jason Chaffetz, a task force member from Utah, said in statement. "As a nation we must do a better job of identifying, preventing, and proactively engaging those who would do us harm."

The task force recommended that Congress update the Federal Information Security Management Act (FISMA), from a "checklist exercise" for federal agencies to an effort focused more on automated monitoring of IT systems.

Congress should also expand the definitions in the Computer Fraud and Abuse Act to outlaw more types of computer activity, including the creation of malware, and it should expand the Racketeer Influenced and Corrupt Organizations (RICO) law to include computer fraud within the definition of racketeering, the task force said.

Lawmakers should also make it a crime for a company to intentionally fail to provide required notices of a security breach involving sensitive personally identifiable information, the task force recommended.

Congress should also help create an organization outside of government that can serve as a clearinghouse for information about attacks and vulnerabilities shared among the government and private companies, including Internet service providers and security vendors, the report said. An outside organization would alleviate concerns about government agencies monitoring private networks, the report said.

"These recommendations provide sound, concrete steps to help strengthen our cybersecurity now, while also highlighting issues that need more work," Thornberry said in a statement. "Starting with incentives, information sharing, and updating some key laws can lead to real progress rather than more gridlock like we have seen with larger proposals."

President Barack Obama's administration released its own list of cybersecurity recommendations in May. The Obama plan calls for a national breach notification law, stronger penalties for cybercriminals, and a stronger cybersecurity role for the U.S. Department of Homeland Security.

Several tech groups praised the report.

The task force's recommendations will "result in immediate and positive improvements in our nation's cybersecurity by promoting the adoption of proven cybersecurity practices, standards and technologies," said Larry Clinton, president of the Internet Security Alliance, a group that has championed several similar cybersecurity recommendations.

The House report is the "most detailed and pragmatic public policy blueprint on cybersecurity any government entity has produced," Clinton said in a statement.

Representative Jim Langevin, a Rhode Island Democrat who has focused on cybersecurity issues, also applauded the Republican report and their focus on cybersecurity legislation. Langevin suggested, however, that some new regulations may be needed.

"In some areas of our critical infrastructure, it is clear that the current market is not achieving the security gains we need to address current vulnerabilities and future threats," he said in a statement. "This will require government involvement beyond incentives and voluntary minimum standards."

House Speaker John Boehner of Ohio and Majority Leader Eric Cantor of Virginia created the task force in June.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is

Join the PC World newsletter!

Error: Please check your email address.

Tags regulationJohn BoehnerU.S. Department of Homeland SecurityJason ChaffetzlegislationJim LangevinMac ThornberrygovernmentBarack ObamaInternet Security AllianceLarry ClintonU.S. House of RepresentativessecurityEric Cantor

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?