Seeking a middle ground between the growing pressure to regulate critical infrastructure, and the traditionally voluntary standards for systems owned by private corporations, some lawmakers are promoting a proposal for dealing with “systemically important critical infrastructure” (SICI). The idea is to label potential targets that would cause economic, public health, or national security disruptions if attacked, then offer the owners rewards for meeting certain cybersecurity baselines. For example, covered entities might receive protections against lawsuits or receive priority federal aid if attacked. Although endorsed by the Cyberspace Solarium Commission, the proposal also faces opposition from various stakeholders.
Source: