The recommendations range from economic incentives and safe harbor protections to providing antitrust exemptions for critical infrastructure industry sectors that agree on security specifications for their hardware and software purchases
Putnam, chairman of the House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, last year drafted a bill that would require publicly traded companies to include as part of their annual filing with the Securities and Exchange Commission a report on their infosec plans.
After getting feedback from trade groups and others, he postponed introducing the bill and challenged the private sector to develop alternatives. He convened the Corporate Information Security Working Group, which has 25 members from business associations, academic institutions and trade groups.
Putnam said he is evaluating the group's work, along with recommendations recently released by the National Cyber Security Partnership, and other alternatives to cybersecurity legislation. He called the group's recommendations "innovative and creative approaches, utilizing a variety of tools to achieve a private-sector, market-based approach" to infosec across all sectors.
Putnam said he's already started work on one of the group's suggestions: to amend the Clinger-Cohen Act to explictly identity infosec as a component that federal agencies must evaluate in their IT investment planning.