ARCHIVED 12/3/09

December 3, 2009

To view the original article please click here.


GSN: Government Security News, 12/03/2009

The Internet Security Alliance (ISA) has released a new report aimed at taking the Obama Administration’s ‘Cyberspace Policy Review’ document to the next level, according to a recent ISA press release.

‘ISA is supportive of the Obama Administration’s document,’ ISA President Larry Clinton said. ‘Now, the private sector needs to formulate how we can implement programs in areas where we have conceptual agreement with the administration. Our report does that by proposing frameworks for implementing solutions to key cybersecurity issues both ISA and the Obama Administration think are important.’

Titled, Implementing the Obama Cyber Security Strategy via the ISA Social Contract Model , the report emphasizes the need to focus on the economics of cybersecurity.

‘When it comes to cybersecurity, all of the economic incentives favor the attackers,’ Clinton said. ‘Attacks are relatively easy, cheap, and the gains from them can be enormous. On the other hand, defense can be costly. The perimeter to defend is virtually infinite and there is often limited return on cybersecurity investments. We will never have a sustainable system of cybersecurity until we change the economic equation that governs it.’

The report includes frameworks for creating a public/private partnership model to enhance cybersecurity at the business plan level; addressing the international issues in cybersecurity; securing the global IT supply chain; and establishing a new model for information sharing, among other things.

The common thread linking all of the frameworks is their adherence to the ISA’s Cyber Security Social Contract Model. The ISA model is based on the successful partnership between government and industry to address the need for universal telephone and power service in the early 20th century.