The hints come from an article by the National Security Agency’s (NSA) former general counsel, Glenn S. Gerstell, who’s been involved in development of the plan.
He predicts a much more detailed cyber strategy than in past and indicates increased federal involvement is coming, because: “Market forces are not enough.”
That includes reliance on cyber insurance.
“Reducing the safety net of commercial cyber insurance, while uncomfortable in some respects, might force companies to be more careful about their data practices, so they wouldn’t bear the liability costs of a breach. (Perhaps that could be offset by federal insurance to cover risks of nation-state cyberattacks, which seems more in keeping with the federal government’s constitutional responsibility to provide for the common defense.)”
He also suggests the feds require software and hardware providers to put cybersecurity “labels” on their products, much like the nutrition labels on food.