On February 12th, following dissatisfaction with Congress' ability to pass cybersecurity legislation like CISPA, President Obama signed an executive order that allows the government to share more information it has on so-called national "cyber threats" with private companies. Today, the White House previewed a set of incentives it hopes will eventually convince private companies to comply with the voluntary provisions of the order.
Chief among those incentives is a proposal from multiple US agencies that would establish a competitive "cyber insurance market." The White House says that the goal of a cyber insurance market would be to create incentives for companies to adopt "cyber risk-reducing measures." While such a market is only in the early stages, it's reminiscent of post-9/11 measures to insure against the risk of terrorism, which resulted in the Terrorism Risk Insurance Act — an effort to provide a backstop to the insurance industry and protect the US economy in the event of another major attack.
Mostly vague promises
The rest of the incentives in today's White House blog post are largely vague promises pertaining to the federal government's cooperation with power plants and other critical infrastructure to bolster their security: promises that were already intimated in the president's executive order. The incentive areas include federal grants (with no specific criteria or purpose), expedited technical assistance from the government depending on the importance of a company's infrastructure, limited liability, and public recognition for companies that choose to volunteer.
Obviously there's a lot of detail the administration needs to work out, and the White House says that the recommendations were developed "in a relatively short time frame." The administration says that US agencies and stakeholders will evaluate the incentives over the next few months.