There’s been a lot of talk about the value of public-private partnerships in moving the U.S. toward a more robust cyber security posture. And let’s be honest: there’s also been a lot of private sector skepticism about how much the Administration really believed in the concept or how much they would do to make it happen. I’m delighted to say that, so far, those skeptics have been proven wrong. Through both the NIST framework and the list of positive incentives recently released, this Administration is demonstrating that they really get it on cyber security partnerships.
To help secure the nation’s critical infrastructures, NIST is working with the private sector to design a Cybersecurity Framework – a set of core practices to develop capabilities to manage cyber security risk. McAfee participates in this effort, as do many other experts from government and industry, and while it’s difficult to bring all these players together, NIST is making good progress. The Administration has also kept its promise that the framework will be voluntary for owners/operators of critical infrastructure and other players such as IT companies or suppliers of products and services – a feature that’s key to the framework’s success and key to solidifying trust with the private sector.
To encourage critical infrastructure companies to adopt the framework, the Administration recently came out with recommendations for positive incentives, and these are also a step in the right direction. The incentives include such concepts as cybersecurity insurance, grants, limits on liability, streamlined regulation and increased funding for R&D. Promoting incentives rather than additional regulation is exactly the right course, because with more regulation we risk having a more compliant power or water company, but not necessarily a more secure one.
With both initiatives – the framework and the incentives – the Administration is showing supporters and critics alike that they’re serious about partnering with the private sector and serious about keeping the fixes voluntary. I commend them for that. This way we can work collaboratively to secure our critical infrastructures so they’re able to resist cyber attack and recover quickly if they do incur attacks. That should be the greatest incentive of all.
To learn more about the cybersecurity executive order, the latest progress, and how you can participate, download the McAfee EO 13636 Solution Brief.