National Telecommunications and Information Administration, Recommendations to the President on Incentives for Critical Infrastructure Owners and Operators to Join a Voluntary Cybersecurity Program (Aug. 6, 2013) (full-text).
On February 12, 2013, the President issued Executive Order 13636, which sets out a number of steps to address the cyber threat to critical infrastructure, including calling on the NIST to develop a Cybersecurity Framework ("Framework") and the Department of Homeland Security (DHS) to build a voluntary program ("Program") "to support the adoption of the Cybersecurity Framework by owners and operators of critical infrastructure and any other interested entities. . . ."
The Program could include guidance on how to implement the Framework in specific sectors, as well as incentives for companies to align their cybersecurity practices, with the practices and standards specified in the Framework. The President requires DHS, the Department of Commerce, and the Department of Treasury to draft separate reports on incentives to join the Program. The following recommendations are Commerce's contribution to this analysis of incentives.