A panel discussion of ISA board members during the ISA 15th Anniversary Conference. From left to right: Larry Clinton, (ISA), Dustin Wilcox (Centene), Bob Zandoli (Bunge), Brian Raymond (NAM), Richard Spearman (Vodafone)
A panel discussion of ISA board members during the ISA 15th Anniversary Conference. From left to right: Larry Clinton, (ISA), Dustin Wilcox (Centene), Bob Zandoli (Bunge), Brian Raymond (NAM), Richard Spearman (Vodafone)

When we began in 2001, the ISA was the only organization in Washington, D.C., dedicated to advocating for a market-run model of cybersecurity.

Flash forward 15 years, and we still occupy a unique position in the nation’s capital—but we have numerous friends, many who joined us to discuss and celebrate during a day-long conference 15 years of advocacy for a market-based model of sustainable cybersecurity.

The conference was be held in conjunction with the release of ISA’s new book, The Cyber Security Social Contract: Implementing a Market-Based Model for Cybersecurity. The book and event was built around the question: “If you had 30 minutes with the next President to advise on cyber security policy in your sector, what would you say?”

If you go back a decade, there were only two views on how to address the cyber security problem. One was to leave the internet free of any government involvement and the market alone would solve the problem. Another said the problem was so severe we needed a set of government mandates – a sort of Sarbanes-Oxley bill for cybersecurity.

A panel discussion of ISA board members during the ISA 15th Anniversary Conference. From left to right: Larry Trittschuh (Synchrony Financial), Jeff Brown (Raytheon), Gary McAlum (USAA), Scott DePasquale (Utilidata)
A panel discussion of ISA board members during the ISA 15th Anniversary Conference. From left to right: Larry Trittschuh (Synchrony Financial), Jeff Brown (Raytheon), Gary McAlum (USAA), Scott DePasquale (Utilidata)

ISA came up with a third model, the Cyber Security Social Contract, which calls for industry and government to collaborate and determine what standards and practices ought to be adopted voluntarily by industry, promoted by market incentives from government.

After fighting through a series of regulatory legislative efforts, eventually the House Republican Cybersecurity Task Force and the Obama administration embraced the Social Contract principles and we have seen limited implementation of this model, such as through the CISA information sharing bill. Our book attempts to take this model to the next level and offer the new administration and Congress a pathway to more aggressively addressing the growing cyber issues we face.

House Homeland Security Committee Chairman Mike McCaul delivers a keynote speech during the ISA 15th Anniversary Conference
House Homeland Security Committee Chairman Mike McCaul delivers a keynote speech during the ISA 15th Anniversary Conference

Participation in the conference included members of the ISA board of directors and senior government officials. Among the latter were White House Cybersecurity Coordinator Michael Daniel, Homeland Security Under Secretary for the National Protection and Programs Directorate Suzanne Spaulding and John Carlin, assistant attorney general for national security. Members of Congress also spoke, including House Homeland Security Chairman Mike McCaul and Rep. Will Hurd, chairman of the House Oversight and Government Reform information technology subcommittee.