Executive Order 13,636 on Improving Critical Infrastructure Cybersecurity directs the National Institute of Standards and Technology (“NIST”) to develop a Cybersecurity Framework  of standards, methodologies, and processes for addressing cybersecurity risk.  It also charges the Department of Homeland Security with developing a Critical Infrastructure Cybersecurity Program to promote adoption of the Cybersecurity Framework by critical infrastructure entities.  To facilitate these initiatives, the Executive Order instructs the Secretaries of Homeland Security, Treasury, and Commerce to recommend incentives to promote participation in the Program.   

On March 28, the Department of Commerce, through the Office of the Secretary, NIST, and the National Telecommunications and Information Administration (“NTIA”), issued a Notice of Inquiry regarding “Incentives To Adopt Improved Cybersecurity Practices.”  Yesterday, representatives of Covington & Burling LLP and The Chertoff Group filed comments in response to the Notice of Inquiry.  The comments set out several principles for the Department of Commerce to consider in structuring incentives for participation in the Program.  The comments are based on the professional experience of the representatives and are not offered on behalf of any client of either firm or any other entity.

All of the comments submitted in response to the Notice of Inquiry are available on the NTIA website.