In the 112th Congress, a high-level task force convened by House Speaker John Boehner (R-OH) endorsed the approach laid out by ISA in the Cyber Security Social Contract. When the House GOP Task Force on Cyber Security convened, ISA was the first witness called to provide recommendations.The House Republican Task Force Report on Cyber Security, published October 5, 2011, mirrors ISA recommendations and lifts language virtually verbatim from the ISA Cyber Social Contract.
For example, the very first of the GOP recommendations was for Congress to create a “menu of market incentives tied to the voluntary adoption of cyber security measures,” which is the core ISA policy position and taken verbatim from ISA’s “Social Contract” and “Social Contract 2.0″ as well as from ISA Congressional Testimonies.
In addition to adopting this core ISA policy position, the House Task Force included a number of other ISA policy suggestions as part of their recommendations, including:
- The notion that regulation cannot keep pace with technological change;
- The realization that not one set of cybersecurity standards will not apply equally across industries or even businesses;
- Streamlined regulation, licensing, and permitting as an incentive;
- Exploration of mechanisms to promote the usage of cyber insurance;
- Tying taxes and grants to adoption of cybersecurity best practices and measures; and
- Limited liability for good actors
Following subsequent ISA testimony, the House Energy and Commerce Subcommittee on Internet and Technology formed a bipartisan task force to examine the usage of market incentives in enhancing cybersecurity. On June 19, 2012, Subcommittee Chairman Greg Walden (R-OR) met with the ISA Board and asked its members to help in developing this construct so that additional legislative action in this direction will be ready for the new Congress.