The Initial Views from the White House on Potential Incentives to Support Adoption of the Cybersecurity Framework are encouraging

In May, I shared Microsoft’s perspective on the U.S. government’s effort to identify incentives that could promote adoption of the Cybersecurity Framework under development at the National Institute of Standards and Technology (NIST).  In my post, I described several types of incentives that would be particularly impactful, including: 

  • Leveraging the procurement capability of the federal government;
  • Increasing government leadership to drive a more harmonized approaches to cybersecurity on a global scale; and
  • Establishing appropriately-scoped limitations on liability from cybersecurity incidents for organizations that adopt the Cybersecurity Framework.

I was pleased to read an update from the White House regarding the interagency process to determine the right incentives.  In a post on the White House blog, Special Assistant to the President and Cybersecurity Coordinator Michael Daniel provided a summary of the White House’s initial views on incentives, based upon reports from the Departments of Commerce, Homeland Security, and Treasury.  This statement and the accompanying agency reports demonstrate that meaningful progress is underway towards a final set of incentives.

Notably, the White House statement identifies eight initial areas of potential incentives that were drawn from the agencies’ reports.  The initial list is encouraging.  For example, the White House’s acknowledgement of liability limitation as a potential incentive is consistent with our comments to the Department of Commerce about incentives.  However, as the White House notes, Congressional action will be needed to realize some of the potential incentives.

We look forward to continued engagement with both public and private sector stakeholders on implementation of the Executive Order on critical infrastructure cybersecurity, and especially the White House-led effort to determine incentives.

Paul Nicholas
Senior Director, Global Security Strategy
Microsoft Corporation


About the Author
Paul Nicholas

Senior Director, Trustworthy Computing

Paul Nicholas leads Microsoft’s Global Security Strategy and Diplomacy Team, which focuses on driving strategic change, both within Microsoft and externally, to advance infrastructure security and resiliency. His team addresses global challenges related to risk management, incident response, emergency communications, Read more »