Tech groups call for less cybersecurity regulation, more incentives

A coalition of technology and business groups called for tax credits, not regulations, to motivate companies to protect vulnerable Internet networks in the United States.

In a 20-page white paper released Tuesday, the Internet Security Alliance, Business Software Alliance, Center for Democracy & Technology, TechAmerica and the U.S. Chamber of Commerce argue for a market-based approach to cybersecurity, with a public-private partnership, rather than government mandates.

"Regular and meaningful collaboration between the public and private sectors is the essence of a strong partnership," the report concludes. "A strong framework for promoting cybersecurity through a public private partnership is already in place, and industry and government have devoted substantial resources to it. There is no need to create a new one, or to replace the existing partnership model with a system of government mandates that would erode trust, threaten privacy and undermine voluntary cooperation. This would be a setback for cybersecurity."

The report represents the first time civil liberties advocates and software users and providers have come together to push for a comprehensive approach to cybersecurity.

"The paper rejects heavy-handed government mandates in favor of a strengthened partnership between industry and government," said CDT Senior Counsel Gregory T. Nojeim. "Cybersecurity needs not--and should not--trump privacy and other civil liberties, nor should it stifle innovation."

Building on some of the conclusions of President Obama's Cyberspace Policy Review, the groups call for "market incentives" to motivate companies and ask for greater industry involvement in responding to cyber attacks.

"This is not just a tech issue," said ISA President Larry Clinton, in an interview. "There are many other factors, including the fact that right now, the economics favor the attackers. We need to turn that around."

A partnership should be used to create a National Cybersecurity Research and Development Plan and increase education and awareness about cyber threats, the report urged.