A major security group is urging Barack Obama, the next US president, to take a new approach to cybersecurity, and has suggested that the US government offer incentives for private businesses to adopt security measures.
The Internet Security Alliance (ISA), a cybersecurity advocacy group, called on Obama to abandon the voluntary approach advocated by President George Bush's administration during the last eight years.
"The voluntary partnership model of the Bush administration did not work adequately," said Larry Clinton, ISA's president. "However, a centralised set of regulatory mandates will not meet this international and quickly evolving problem, and might even be counter-productive."
The Bush administration's 2002 National Strategy to Secure Cyber Space and later efforts contained "no serious attempt" to address incentives needed for private business to invest in cybersecurity, the report said.
Half of all senior executives do not know how much money their companies have lost from cyberattacks, the ISA said. One third of companies in a recent survey don't use firewalls and nearly half didn't use encryption, the group said.
A new ISA report, called the Cyber Security Social Contract, recommends that the US government establish incentives - namely tax breaks, small-business loans or lawsuit protection - for private companies to invest in cybersecurity.
"We are now past the time when government can hope that industry will simply fulfil the role of fully funding cyber infrastructure security," the report said.
It's unclear how much the ISA's recommendations would cost.
The report also calls on the government to set up a comprehensive and "aggressive" cybersecurity education programme targeted at senior executives. And it calls for an extensive programme to improve the US government's own cybersecurity efforts, targeted at fixing problems at many agencies receiving poor grades on annual Federal Information Security Management Act (FISMA) reports.
"A substantial government improvement programme for all their cyber systems could provide a compelling model for the underachieving portions of industry and provide a platform to drive positive economics for improvements in nongovernment programs," the report said.
ISA officials said they were confident the Obama administration would be open to the recommendations.
"The good news is that we actually do know a great deal about how to secure our cyber systems," Clinton said. "Independent research and anecdotal reports from information security officials both indicate that as much as 80 to 90 percent of our current problem could be successfully addressed if we simply get people to adopt the security practices that have been demonstrated to work."