The White House has backed away from its push for mandatory cybersecurity standards in favor of an approach that will combine voluntary measures with incentives for firms to comply.
That method reflects recognition of a divided Congress that makes mandated standards difficult to push through, and a belief that an executive order signed by President Barack Obama in February could improve companies' cybersecurity.
Obama issued the order after a failed effort to pass legislation to ensure that critical private sector computer systems meet security standards. It directed the Commerce Department to lead a process in which critical industry sectors and the federal government jointly develop a set of cybersecurity standards.
A preliminary framework is due in October, and a final version next February.
The White House's focus now "is more about having discussions with Congress about the right incentives we could put in place to encourage the adoption of the framework," an administration official said. The possibilities include tax breaks and immunity from lawsuits for failing to protect systems.