A trade association of major defense, telecommunications and financial services businesses wants Congress and the Obama administration to avoid placing mandates on private companies when it comes to cybersecurity, and instead offer incentives that encourage companies to improve their practices.
The Internet Security Alliance on Thursday issued a 70-page report promoting a partnership between the government and private companies that would encourage businesses to view good cybersecurity practices as being in their economic interest.
"We will never have a sustainable system of cybersecurity until we change the economic equation that governs it," said Larry Clinton, president of the group.
Clinton said the alliance had shared the report with the White House and planned to discuss it later Thursday with Christopher Painter, the National Security Council's cybersecurity director.
When asked if there are now any proposals that worry the alliance, Clinton cited a cybersecurity bill being drafted by Senate Commerce Chairman John (Jay) Rockefeller and Sen. Olympia Snowe, R-Maine.
They introduced a bill in April, but since have been rewriting it amid pushback from industry.
Clinton said he is worried the bill would empower the National Institute of Standards and Technology to impose information technology standards detrimental to business.
Senate Homeland Security and Governmental Affairs Chairman Joseph Lieberman plans to introduce cybersecurity legislation this month, his spokeswoman said.
But Clinton said the alliance is encouraged by the emerging approach the administration is taking. Indeed, the report's opening passage quotes President Obama as saying his administration will not mandate private-sector cybersecurity standards.
The report cites nine incentives the government could use to sway private companies to adopt good cybersecurity practices.
The government could, for example, create a program under which companies could be given liability insurance benefits for developing technology and standards, the report states. The government could also tie federal funding and contract awards to effective cybersecurity practices.
Other incentives the government could offer companies include streamlined regulations, tax breaks, grant funding for research and development and liability protections, according to the report.
"Just as the United States needed universal utility services a century ago, we need universal cybersecurity today," Clinton said. "To achieve that objective, there must be incentives for companies to make investments that might not be justified in individual business plans."
Obama has pledged to appoint a senior official inside the White House to coordinate cybersecurity efforts and who would report to both the NSC and the National Economic Council. Clinton said the alliance supports that move.