The Internet Security Alliance, a non-profit group that aims to enhance cybersecurity, made the recommendations in a report, Implementing the Obama Cybersecurity Strategy via the ISA Social Contract Model, while also detailing several strategies that would help to develop market economics designed to stimulate cybersecurity efforts.
The group said that regulating via Congressional action could lead to watered-down standards developed by consensus that would do little to improve real cybersecurity.
"While this sort of minimalist approach is acceptable for our political process, we cannot afford a cybersecurity system that is similarly managed. Moreover, as is documented in the chapter on incentives, attempts to create cybersecurity regulations have met with limited effectiveness and typically generate increased costs to document compliance while diverting resources from actually enhancing security", the report said.
It praised the White House for recognizing the need for market stimulus and public / private partnership, and recommended that a competitive market for cybersecurity measures be created, with an escalating hierarchy of federal incentives for companies that make the grade.
Government should emphasize the need for security in its own procurement processes, the report added, while creating tax incentives.
"SMEs are a weak link in the cybersecurity supply chain and, without incentives, they may never perceive compliance with effective cybersecurity practices to be economically beneficial", it said.
The existing framework of regulations should be unified to create a single set of simplified regulations addressing cybersecurity that are easier to understand and follow, it suggested, while liability should be limited for good actors. Other suggestions included direct funding for cybersecurity research and development, and the creation of a national cybersecurity excellence award.