by Matt Hines

Security alliance pitches government incentives

Apr 11, 2007

The Internet Security Alliance is asking the federal government to create a range of incentives that would reward private companies for doing a better job of securing their IT systems.

The Internet Security Alliance (ISAlliance) has published a white paper outlining a new set of guidelines for fighting cyber-criminals that calls on privately held companies to do a better job of securing their IT systems, but asks the federal government to lend a hand in that work.

In the paper, ISAlliance — a collaboration of the Electronic Industries Alliance and Carnegie Mellon University’s CyLab — lays out a set of measures it would like the federal government to adopt in order to aid, protect and reward businesses that invest in defending their operations.

The paper specifically calls on federal agencies to create incentives for private industry to utilize well-established practices for improving IT security.

“The threats to the world’s Internet infrastructure are real and growing,” Ken Silva, chairman of the ISAlliance board of directors, and chief information security officer for VeriSign, said in a statement.

“We must intensify our efforts to convince industry to adopt and maintain best practices that will lead to a secure and sustainable system,” said Silva. “The private sector knows a good deal about how to protect this infrastructure; the federal government’s role ought to be to provide incentives encouraging corporations to utilize these practices.”

Among the suggested policies the ISAlliance would like to see the government adopt are:

- For Dept. of Commerce and Dept. of Homeland Security officials to give more attention to IT security within the context of attack preparedness.

- For federal agencies to establish a mechanism that will enable companies that adopt standards-based security practices to qualify for incentives.

- For private companies to be able to acquire additional cyber-security insurance to cover losses arising from catastrophic events and limit their liability to third parties.

- For the Dept. of Homeland Security to create a national program for temporary, short-term reinsurance through which insurers may purchase reinsurance coverage for their exposure to catastrophic losses under these policies.

- For companies with appropriate attack insurance to have litigation-related incentives available, excluding liability for consequential and punitive damages.

- To create privacy reform legislation establishing federal limitation of liability for companies that experience breaches of personal information that occur despite their use of standards-based security best practices.

The nonprofit group noted that the paper eschews tax incentives because those measures can be “difficult to enact” and often require federal budget cuts elsewhere.

“Government regulations can’t keep up with Internet threats, but the profit motive can,” said ISAlliance President Larry Clinton in a statement. “Unfortunately, most companies see investment in security as a cost center.”

“We will need to alter that perception if we are to create a system-wide secure and sustainable Internet; the best way to do that is through market incentives,” said Clinton. “Virtually all of these programs are already in use in the agriculture, transportation and energy and other sectors, but they haven’t yet been integrated into cyber-security policy.”