A security group is urging President-elect Barack Obama to take a new approach to cybersecurity, and has suggested that the US government offer incentives for private businesses to adopt security measures.
The Internet Security Alliance (ISA), a cybersecurity advocacy group, called on Obama to abandon the voluntary approach advocated by President George Bush's administration during the last eight years.
"The voluntary partnership model of the Bush administration did not work adequately," said Larry Clinton, ISA's president. "However, a centralised set of regulatory mandates will not meet this international and quickly evolving problem, and might even be counter-productive."
The Bush administration's 2002 National Strategy to Secure Cyber Space and later efforts contained "no serious attempt" to address incentives needed for private business to invest in cybersecurity, the report said.
Half of all senior executives do not know how much money their companies have lost from cyberattacks, the ISA said. One third of companies in a recent survey don't use firewalls and nearly half didn't use encryption, the group said.
A new ISA report, The Cyber Security Social Contract, recommends that the US government establish incentives - namely tax breaks, small-business loans or lawsuit protection - for private companies to invest in cybersecurity.
"We are now past the time when government can hope that industry will simply fulfil the role of fully funding cyber infrastructure security," the report said.
It's unclear how much the ISA's recommendations would cost.
The report also calls on the government to set up a comprehensive and "aggressive" cybersecurity education programme targeted at senior executives at businesses. And it calls for an extensive program to improve the US government's own cybersecurity efforts, targeted at fixing problems at many agencies receiving poor grades on annual Federal Information Security Management Act (FISMA) reports.
"A substantial government improvement program for all their cyber systems could provide a compelling model for the underachieving portions of industry and provide a platform to drive positive economics for improvements in nongovernment programs," the report said.
ISA officials said they're confident the Obama administration will be open to the recommendations.
"The good news is that we actually do know a great deal about how to secure our cyber systems," Clinton said. "Independent research and anecdotal reports from information security officials both indicate that as much as 80 to 90 percent of our current problem could be successfully addressed if we simply get people to adopt the security practices that have been demonstrated to work."