Internet Security Alliance: CMMC fails to account for the economics of small-business cybersecurity

Posted on February 16, 2021 at 12:01 pm

The Pentagon’s Cybersecurity Maturity Model Certification program will fall short in securing the Defense Industrial Base because it fails to address underlying economic realities that limit how much small and mid-sized businesses can invest in cyber, according to the industry-based Internet Security Alliance. “However, it is sadly predictable that the CMMC, however much an improvement, […]


As holiday shopping season kicks in, cybersecurity group spotlights policy needs for securing retail sector

Posted on at 12:00 pm

Cyber vulnerabilities in the retail sector, always a hot topic during the holidays, require an examination of underlying economics and incentives that could drive improvements in retailers’ cybersecurity, according to an Internet Security Alliance assessment that tracks with the group’s prescription for shoring up cyber across critical infrastructure. “The retail sector is one of the […]


ISA’s Clinton cites need to go beyond NDAA in SolarWinds response; congressional researchers see ‘no easy fix’

Posted on at 11:58 am

Larry Clinton of the Internet Security Alliance says the massive SolarWinds hack highlights the need for a rethinking of cybersecurity policy that goes well beyond Cyberspace Solarium Commission recommendations folded into the national defense bill, while the Congressional Research Service has issued a paper saying “existing programs” were unlikely to have foiled the sophisticated infiltration […]


ISA’s Clinton presses case against ‘traditional regulatory models’ for securing cyberspace

Posted on at 11:54 am

Industries covered by extensive cybersecurity requirements are not achieving better security results than less-regulated sectors, underscoring the need for rethinking the way policymakers approach securing critical infrastructure, according to Internet Security Alliance president and CEO Larry Clinton. The question of increased cyber regulation is likely to come into focus as the Biden administration appoints new […]


U.S. officials characterize SolarWinds hack as ‘intelligence gathering’ operation, ‘likely Russian in origin’

Posted on at 11:31 am

The U.S. homeland security and intelligence community in a statement today said the massive SolarWinds hack of federal and private-sector networks appears to be part of an intelligence gathering operation by a Russian “advanced persistent threat actor.” The U.S. government’s Cyber Unified Coordination Group, known as the UCG, “believes that, of the approximately 18,000 affected […]


Cyber agency demonstrates value to stakeholders amid SolarWinds, but insiders say the secret sauce must be preserved

Posted on at 11:30 am

The Cybersecurity and Infrastructure Security Agency has leaned into its role as industry’s risk advisor and partner in response to the SolarWinds hack, and industry sources say they are anxious to see this collaborative model preserved and extended under a Biden administration that might be inclined to more regulatory approaches to cybersecurity. Megan Brown, a partner […]


CISA’s Kolasky unveils ‘Systemic Cyber Risk Reduction Venture’ for critical infrastructure

Posted on at 11:28 am

CISA’s National Risk Management Center is launching a multifaceted “risk reduction venture” to help organize efforts around analyzing, measuring and providing tools to address cybersecurity risks faced by critical infrastructure. “Using enterprise risk management best practices will be a focus for CISA in 2021, and today the National Risk Management Center (NRMC) is launching a […]


Government’s own cyber shortcomings undermine calls for regulatory approach, says ISA’s Clinton

Posted on at 11:26 am

The federal government lacks the expertise to mandate effective cybersecurity requirements for industry, according to Internet Security Alliance leader Larry Clinton, who says failures to secure the government’s own systems reveal the need for a major readjustment in thinking about cyber policy. “[W]e can add government to the list of sectors that are highly regulated […]


Internet Security Alliance’s Clinton makes case for providing cybersecurity funding in COVID relief package

Posted on at 11:25 am

Internet Security Alliance president Larry Clinton hopes to ensure cybersecurity funding is included in the COVID-19 relief measure about to begin moving in Congress, saying economic recovery from the pandemic is impossible “unless the core systems of the economy — which in the 21st century are cyber — also recover.” “Just as to recover physically […]