White House advisory group says market forces \u2018insufficient\u2019 to drive cybersecurity in critical infrastructure | CyberScoop<\/title> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/nstac-white-house-advisory-group-critical-infrastructure\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"White House advisory group says market forces \u2018insufficient\u2019 to drive cybersecurity in critical infrastructure\"> <meta property=\"og:description\" content=\"An industry-led group is calling for the federal government to develop economic incentives for small and medium-sized businesses, simplify cyber regulations and provide clear liability protections around information sharing.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/nstac-white-house-advisory-group-critical-infrastructure\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-03-07T20:21:09+00:00\"> <meta property=\"article:modified_time\" content=\"2024-03-07T20:21:10+00:00\"> <meta name=\"author\" content=\"mbracken\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/white-house-advisory-group-says-market-forces-insufficient-to-drive-cybersecurity-in-critical-infrastructure-2.jpg\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1709678820g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/_static\/??\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css,\/wp-content\/plugins\/embedpress\/Gutenberg\/dist\/blocks.style.build.css?m=1709662998\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/_static\/??\/wp-content\/plugins\/embedpress\/assets\/css\/embedpress.css,\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1709325119\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\">\n<link rel=\"stylesheet\" id=\"all-css-10\" href=\"https:\/\/cyberscoop.com\/_static\/??\/wp-includes\/css\/dashicons.min.css,\/wp-content\/plugins\/embedpress\/assets\/css\/plyr.css?m=1709678820\" type=\"text\/css\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/79671\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.4.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=79671\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fnstac-white-house-advisory-group-critical-infrastructure%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fnstac-white-house-advisory-group-critical-infrastructure%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-79671 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/nstac-white-house-advisory-group-critical-infrastructure\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.516169154229\">\n<div class=\"single-article__header-content\" readability=\"32.377260981912\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/cybersecurity\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> An industry-led group is calling for the federal government to develop economic incentives for small and medium-sized businesses, simplify cyber regulations and provide clear liability protections around information sharing. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/white-house-advisory-group-says-market-forces-insufficient-to-drive-cybersecurity-in-critical-infrastructure.jpg?resize=640%2C427&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/white-house-advisory-group-says-market-forces-insufficient-to-drive-cybersecurity-in-critical-infrastructure-2.jpg 2120w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/white-house-advisory-group-says-market-forces-insufficient-to-drive-cybersecurity-in-critical-infrastructure-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/white-house-advisory-group-says-market-forces-insufficient-to-drive-cybersecurity-in-critical-infrastructure-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/white-house-advisory-group-says-market-forces-insufficient-to-drive-cybersecurity-in-critical-infrastructure-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/white-house-advisory-group-says-market-forces-insufficient-to-drive-cybersecurity-in-critical-infrastructure-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/white-house-advisory-group-says-market-forces-insufficient-to-drive-cybersecurity-in-critical-infrastructure-2.jpg?resize=2048,1366 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/white-house-advisory-group-says-market-forces-insufficient-to-drive-cybersecurity-in-critical-infrastructure-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/white-house-advisory-group-says-market-forces-insufficient-to-drive-cybersecurity-in-critical-infrastructure-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/white-house-advisory-group-says-market-forces-insufficient-to-drive-cybersecurity-in-critical-infrastructure-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/white-house-advisory-group-says-market-forces-insufficient-to-drive-cybersecurity-in-critical-infrastructure-2.jpg?resize=1012,675 1012w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/white-house-advisory-group-says-market-forces-insufficient-to-drive-cybersecurity-in-critical-infrastructure-2.jpg?resize=1264,843 1264w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"31.679213210296\"><body readability=\"64.779474130619\"><\/p>\n<p>A White House advisory board is recommending the federal government create new economic incentive programs to prod critical infrastructure owners and operators to raise their cybersecurity standards, develop new liability protections around information sharing and simplify an increasingly complex national cyber regulatory regime.<\/p>\n<p>The recommendations are part of a <a href=\"https:\/\/www.cisa.gov\/sites\/default\/files\/2024-02\/2024.02.12_DRAFT_NSTACM%26IReport_508c.pdf\">report<\/a> approved Thursday by the National Security Telecommunications Advisory Committee, which is made up of representatives from the nation\u2019s largest telecommunications companies as well as cybersecurity firms. The report focused on why so many organizations that provide critical services to the nation often struggle to adopt best practices or invest sufficient resources into their cybersecurity operations.<\/p>\n<p>It concluded that market forces alone are \u201cinsufficient\u201d to incentivize privately owned entities to prioritize cybersecurity at the levels needed to protect national security.<\/p>\n<p>The report also found that stakeholders in critical infrastructure are broadly unaware of the technical assistance and programs already offered by the federal government to help improve cybersecurity, and are facing increasingly complex compliance burdens as the Biden administration has sought to flex its regulatory powers to raise the cybersecurity bar in different sectors.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>To address these obstacles, the committee recommended that the Office of the National Cyber Director work with industry to examine a range of new financial incentives, such as tax deductions and federal grants, to help close the cybersecurity investment gap. It also recommended that ONCD work with other federal agencies on a nationwide push to educate owners and operators about free federal services \u2014 like CISA\u2019s Cyber Hygiene Service, the NSA\u2019s Cyber Collaboration Center and NIST\u2019s National Cybersecurity Center of Excellence \u2014 that aren\u2019t being effectively utilized.<\/p>\n<p>The committee also suggested that ONCD take the lead on developing a strategy that provides \u201cunambiguous language\u201d that carves out liability protections and safe harbor for companies to more freely share information around cyber threats and vulnerabilities that could impact one or multiple industrial sectors.<\/p>\n<p>National Cyber Director Harry Coker gave brief remarks during the meeting, thanking the committee and remarking on the recommendations in the report: \u201cI\u2019ve already reviewed them and I like them.\u201d<\/p>\n<p>Matthew Desch, CEO of Iridium Communications and co-chair of the subcommittee that created the report, said the conclusions were drawn from more than 50 briefings conducted by NSTAC members with critical infrastructure providers, cloud and tech service providers, consultants, trade associations and think tanks.<\/p>\n<p>\u201cThe lack of consistent adoption and implementation of cyber best practices and standards is especially problematic as U.S. critical infrastructure entities face a significantly heightened threat landscape, and even more so considering the current geopolitical climate,\u201d Desch said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The recommendations in the report were approved shortly after U.S. officials <a href=\"https:\/\/cyberscoop.com\/chinese-cyber-threats-fbi-operation-botnet\/\">warned<\/a> in January that a hacking group tied to the Chinese government, known as Volt Typhoon, has spent years lurking inside the systems and networks of American critical infrastructure providers. Brandon Wales, CISA\u2019s executive director, said the group\u2019s \u201caim appears to be burrowing into our critical infrastructure for the purpose of conducting disruptive or destructive attacks.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.3655172413793\">\n<div class=\"author-card\" readability=\"13\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/white-house-advisory-group-says-market-forces-insufficient-to-drive-cybersecurity-in-critical-infrastructure-1.jpg?w=640&ssl=1\" alt=\"Derek B. Johnson\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Derek B. Johnson<\/h4>\n<p> Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor\u2019s degree in print journalism from Hofstra University in New York and a master\u2019s degree in public policy from George Mason University in Virginia. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/nstac-white-house-advisory-group-critical-infrastructure\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>White House advisory group says market forces \u2018insufficient\u2019 to drive<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78,1660,521],"tags":[86,1661,524],"class_list":["post-2677","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-national-security-telecommunications-advisory-committee","category-office-of-the-national-cyber-director","tag-cybersecurity","tag-national-security-telecommunications-advisory-committee","tag-office-of-the-national-cyber-director"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-security-telecommunications-advisory-committee\/\" rel=\"category tag\">National Security Telecommunications Advisory Committee<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/office-of-the-national-cyber-director\/\" rel=\"category tag\">Office of the National Cyber Director<\/a>","tag_info":"Office of the National Cyber Director","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2677","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2677"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2677\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2677"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":2677,"date":"2024-03-07T14:21:09","date_gmt":"2024-03-07T20:21:09","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=79671"},"modified":"2024-03-07T14:21:09","modified_gmt":"2024-03-07T20:21:09","slug":"white-house-advisory-group-says-market-forces-insufficient-to-drive-cybersecurity-in-critical-infrastructure","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/03\/07\/white-house-advisory-group-says-market-forces-insufficient-to-drive-cybersecurity-in-critical-infrastructure\/","title":{"rendered":"White House advisory group says market forces \u2018insufficient\u2019 to drive cybersecurity in critical infrastructure"},"content":{"rendered":"