Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Last month my blog post discussed Microsoft’s perspective on building a Cybersecurity Framework for critical infrastructure, which is part of President Obama’s Executive Order on cybersecurity. As a next step in the process of implementing the Executive Order, the Commerce Department recently requested comments regarding incentives to encourage critical infrastructure entities and others to adopt improved cybersecurity practices. These incentives would be aimed at encouraging participation in a new voluntary program (referred to as the Voluntary Program below) to support the adoption by owners and operators of critical infrastructure and other interested entities of the Cybersecurity Framework being developed by the National Institute of Standards and Technology (NIST).
Last week, Microsoft submitted comments to the Commerce Department about these incentives. Before discussing Microsoft’s comments, it is important to acknowledge that the Commerce Department has led an ongoing public discussion about how to incent broader adoption of cybersecurity practices, reaching back to Commerce’s Green Paper on Cybersecurity, Innovation, and the Internet Economy and our comments both prior and subsequent to the Green Paper. We appreciate the Commerce Department’s consistent focus on the important challenge of creating incentives to increase cybersecurity.
Our comments outline four main incentives that we believe would be meaningful to both critical infrastructure and non-critical infrastructure entities:
The dialogue around the Executive Order implementation in the United States and the draft Network and Information Security Directive in Europe is an important phase in the development of global cybersecurity policy and practice. The development and implementation of these efforts are very challenging and will require new approaches and unprecedented collaboration between and among governments and industry. Microsoft is committed to working with industry and government partners to help advance international standards and practices that enhance cybersecurity. We look forward to continued engagement with Commerce, other agencies, and the private sector as the Executive Order is implemented.
Paul NicholasSenior Director, Global Security StrategyMicrosoft Corporation