Creating a National Framework for Cybersecurity: An Analysis of Issues and Options

Abstract

Many observers believe that cyberspace has too many of the properties of a commons for market forces alone to provide those incentives. Also, current federal laws, regulations, and public-private partnerships appear to be much narrower inscope than the policies called for in the National Strategy to Secure Cyberspace and similar documents. Some recent laws do provide regulatory incentives for corporate management to address cybersecurity issues. Potential models for additional actioninclude the response to the year-2000 computer problem and federal safety and environmental regulations. Congress might consider encouraging the widespread adoption of cybersecurity standards and best practices, procurement leveraging by thefederal government, mandatory reporting of incidents, the use of product liability actions, the development of cybersecurity insurance, and strengthened federal cybersecurity programs in the Department of Homeland Security and elsewhere. This report will be updated in response to significant developments in cybersecurity.