U.S. officials characterize SolarWinds hack as ‘intelligence gathering’ operation, ‘likely Russian in origin’
The U.S. homeland security and intelligence community in a statement today said the massive SolarWinds hack of federal and private-sector networks appears to be part of an intelligence gathering operation by a Russian “advanced persistent threat actor.” The U.S. government’s Cyber Unified Coordination Group, known as the UCG, “believes that, of the approximately 18,000 affected […]
Cyber agency demonstrates value to stakeholders amid SolarWinds, but insiders say the secret sauce must be preserved
The Cybersecurity and Infrastructure Agency has leaned into its role as industry’s risk advisor and partner in response to the SolarWinds hack, and industry sources say they are anxious to see this collaborative model preserved and extended under a Biden administration that might be inclined to more regulatory approaches to cybersecurity. Megan Brown, a partner […]
ISA’s Clinton presses case against ‘traditional regulatory models’ for securing cyberspace
Industries covered by extensive cybersecurity requirements are not achieving better security results than less-regulated sectors, underscoring the need for rethinking the way policymakers approach securing critical infrastructure, according to Internet Security Alliance president and CEO Larry Clinton. The question of increased cyber regulation is likely to come into focus as the Biden administration appoints new […]
CISA’s Kolasky unveils ‘Systemic Cyber Risk Reduction Venture’ for critical infrastructure
CISA’s National Risk Management Center is launching a multifaceted “risk reduction venture” to help organize efforts around analyzing, measuring and providing tools to address cybersecurity risks faced by critical infrastructure. “Using enterprise risk management best practices will be a focus for CISA in 2021, and today the National Risk Management Center (NRMC) is launching a […]
Government’s own cyber shortcomings undermine calls for regulatory approach, says ISA’s Clinton
The federal government lacks the expertise to mandate effective cybersecurity requirements for industry, according to Internet Security Alliance leader Larry Clinton, who says failures to secure the government’s own systems reveal the need for a major readjustment in thinking about cyber policy. “[W]e can add government to the list of sectors that are highly regulated […]
Internet Security Alliance’s Clinton makes case for providing cybersecurity funding in COVID relief package
Internet Security Alliance president Larry Clinton hopes to ensure cybersecurity funding is included in the COVID-19 relief measure about to begin moving in Congress, saying economic recovery from the pandemic is impossible “unless the core systems of the economy — which in the 21st century are cyber — also recover.” “Just as to recover physically […]
Tech leads broad industry coalition urging inclusion of IT upgrade funds in COVID relief package
Major trade groups representing the technology and other sectors are urging lawmakers to preserve $9 billion in proposed funding for IT modernization in the COVID-19 package now beginning to work its way through Congress. “We write in support of President Biden’s call for robust funding to modernize and secure federal information technology (IT) and networks […]
ISA’s Clinton: ‘Huge mistake’ to expand use of ‘backward-looking,’ ineffective cyber reg model
Cyber regulation has generally created a “backward-looking” compliance approach to cybersecurity that is antithetical to actually improving security, according to the Internet Security Alliance’s Larry Clinton, who says effective risk-management alternatives are available. “To begin with, traditional compliance is essentially a backward-looking pass-fail issue,” Clinton wrote in a Thursday blog post. “Cybersecurity, on the other hand, […]
WHY IS CYBER LAW ENFORCEMENT FAILING SO BADLY? (Part I)

The classic TV drama Dragnet was famous for Lieutenant Joe Friday’s straightforward instruction to witnesses: “Just the facts Ma’am.” So, let’s look at the facts with respect to cybercrime. The World Health Organization (WEF) currently estimates cybercrime as having revenues over $2 trillion a year.
Cyber Regulations Are Counter-Productive to True Security

The old model simply doesn’t work. All this analysis is not to impugn the policy makers who created it, or more precisely attempted to adapt it to the cyber environment. Faced with the quickening apparent threat from cyber-attacks, policy makers naturally went to their “go-to” option, using the independent agency model designed to address the hot technology of the 19th century – railroads. It was pretty much all they had.