Some Reasons Why Cyber Regulation Doesn’t Work

In previous posts we have documented that independent research shows that even the industries most highly regulated for cybersecurity, such as health care and financial services, are not achieving adequate levels of cybersecurity, and in fact don’t score better on security effectiveness than less regulated sectors like IT and professional services. We have also documented that even the highly regulated federal government sector scores poorly with respect to cybersecurity effectiveness.
Defining success and mapping the road ahead for public-private partnership and critical infrastructure cybersecurity
Sean Atkins is a PhD candidate in security studies and international relations. His research focuses on national defense in cyberspace and cyber statecraft. He is also an active-duty US Air Force officer whose service ranges from national cyber policy development to multiple counterinsurgency operations deployments. FALL 20/WINTER 21 : précis Student Feature : Sean Atkins The recent […]
WHY IS CYBERSECURITY INCLUDED IN THE COVID RELIEF BILL?

As we all know, in addition to massive death and social destruction, the pandemic has also brought economic collapse on many dimensions. Our economy, like just about everything else, is ultimately reliant on cyber systems. If the purpose of the legislation on the Senate floor is COVID relief, then that needs to include making sure our economy recovers, and our economy cannot recover unless the core systems of the economy – which in the 21st century are cyber – also recover.
PODCAST – Public-Private Partnership and Cybersecurity for Critical Infrastructure (Larry Clinton Panelist) (MIT, December 10, 2020)
Government’s own cyber shortcomings undermine calls for regulatory approach, says ISA’s Clinton
The federal government lacks the expertise to mandate effective cybersecurity requirements for industry, according to Internet Security Alliance leader Larry Clinton, who says failures to secure the government’s own systems reveal the need for a major readjustment in thinking about cyber policy. “[W]e can add government to the list of sectors that are highly regulated […]
What is the World Economic Forum doing on cybersecurity – 6 principles to unite business in the fight against cybercrime
• The COVID-19 pandemic has opened more opportunities for cyberattacks. • Not enough board members understand the threat to their business. • The World Economic Forum, PwC, NACD and ISA are partnering to define key principles of good cybersecurity governance. In 2020, malevolent actors took advantage of the pandemic. The rush to digital-first arrangements […]
If Government Can’t Regulate Itself, how can it Regulate Industry?

The foundational assumption of the expert agency regulatory model is that government knows what to do; all that is needed is to compel a recalcitrant private sector to follow government mandates. There is no evidence that government has attained that degree of expertise in cybersecurity. In fact, the data suggest the opposite.
NEW CYBER PRINCIPLE SPEAKS TO “SOLARWINDS” STYLE ATTACKS

Today the World Economic Forum, in collaboration with the National Association of Corporate Directors, the Internet Security Alliance and PwC, is publishing a new set of principles for boards of directors to follow in exercising their duty of cyber risk oversight. While a number of these principles will be familiar to those who have followed the ISA/NACD work, one important additional principle has been added.
AN ADVERSARIAL REGULATORY MODEL IS ANTI-CYBERSECURITY

A major reason why we are not making progress in securing cyberspace – and we are in fact losing ground rapidly – is that for the most part we have mis-analyzed the issue as a case of traditional corporate malfeasance.
CYBERSECURITY IS EASY AS NIST — NOT!

Virtually any proposed solution to the cybersecurity problem that begins with the phrase “All you have to do …” is almost certainly wrong. Despite what some marketers of their secret formulas and special sauce may claim, cybersecurity is a difficult problem to address sustainably.