Mounting cybersecurity threats require the federal government and private sector to build a partnership that could include tax credits and liability protection, said Rep. James Langevin (D-R.I.) during an Oct. 25 talk at the Brookings Institution in Washington, D.C.

"Companies' good intentions are only going to get us so far" in dealing with cyber threats from advanced actors, he said. Langevin, who is co-founder of the Congressional Cybersecurity Caucus, said he favors an information sharing model, creation of a dot-secure domain for critical infrastructure providers, an increased role for the insurance in promoting private sector cybersecurity, tax incentives and possibly liability protection.

"I'm open to considering [liability protection], but it would have to be in exchange, if you will, for adopting tough standards," he said.

A position of White House cybersecurity director should be created, Langevin also said, since the cybersecurity czar lacks authority to make real changes.

During his speech, Langevin also decried classification of cybersecurity information within the government.

"We have a classification system that is based on potential damage to national security, but in cybersecurity often times this reactionary thinking is backwards," he said, since the more widely distributed attack signature information is, the safer the nation is.

The likelihood of more damaging attacks will increase, Langevin said, citing the evolution of distributed denial-of-service attacks from a vector that once required computing knowledge to one that now can be launched with downloadable software.

For more:
- go to the Brookings event webpage (archived audio available)
- go to THOMAS page for H.R. 1136, a cybersecurity bill introduced in March by Langevin

Related Articles:
Federal government has dot-secure Internet domain under consideration
Business Roundtable: Lock up corporate hackers
Lewis: Common assumptions about cybersecurity policy are wrong