Voluntary incentives the way to improve cybersecurity, say House Republicans

Incentives contained in the report include development of voluntary standards through a public-private partnership, using existing tax credits and grant funding to promote increased cybersecurity, and encouraging the insurance industry to play a more active role in providing cybersecurity coverage.

The Republicans recommended streamlining existing information security regulations, such as Sarbanes-Oxley (SOX) for financial system security, the Health Insurance Portability and Accountability Act (HIPAA) for health information, and Gramm-Leach-Bliley (GLB) for personal financial information.

The proposal would require the Obama administration to develop, in cooperation with the private sector, unified information security standards that would satisfy the requirements of all three laws. “A company would be encouraged to implement stronger security standards by allowing it to save money and time by avoiding multiple audits from multiple regulators”, the report stressed.

In addition, the task force recommended greater information sharing about cyber threats and development of active cyber defenses. It agreed with the Obama administration’s proposal to shift responsibility for federal government cybersecurity from the Office of Management and Budget to the Department of Homeland Security.

“These recommendations provide sound, concrete steps to help strengthen our cybersecurity now, while also highlighting issues that need more work. Starting with incentives, information sharing, and updating some key laws can lead to real progress rather than more gridlock like we have seen with larger proposals,” said Rep. Mac Thornberry (R-Texas), who chaired the task force.
