Rethinking Cyber Regulation Part II: Creating A Risk-Based Regulatory System

Posted on June 22, 2021 at 10:00 am

In our previous post, we noted that the new National Cyber Director’s office, which is charged with coordinating federal cyber policy, ought to begin that effort by evaluating and coordinating current cyber regulation. We pointed to studies (including government studies) that showed from 40 to 70 percent of federal cyber regulation – including those imposed on states and localities – is redundant and/or conflicting, thus wasting scarce cyber resources.

Rethinking Cyber Regulation — Part I

Posted on June 18, 2021 at 10:00 am

Last Thursday’s confirmation hearing for Chris Inglis and Jen Easterly renewed talk of the need for federal regulation over cybersecurity.


Posted on June 16, 2021 at 10:00 am

This post is a one in the “Rethink Cybersecurity” series. Additional posts in this series are available here Perhaps the most incisive part of Chris Inglis’ testimony before the Senate Homeland Security Committee was his statement: “Cybersecurity is comprised of far more than technology. Essential collaboration and integration will heavily depend on how roles and responsibilities […]

Can Chris Inglis Build an Effective Cyber Strategy?

Posted on June 9, 2021 at 10:33 am

In their 2019 book The Fifth Domain, Richard Clarke and Bob Knake note that the U.S. has basically not changed its cybersecurity approach since the Clinton Administration.

Treating Cybersecurity as an Economic Issue: Three Levels of Policy Action

Posted on June 4, 2021 at 10:00 am

On May 11, the chairs and ranking members of seven congressional committees that have jurisdiction over cybersecurity wrote a joint letter to National Security Advisor Jake Sullivan stressing that “cybersecurity is no longer just an ‘IT issue’ but instead an economic and national security challenge.”

Congressional Leaders Agree Cybersecurity is not just an IT Issue, finally

Posted on May 18, 2021 at 12:03 pm

By now anyone who is reading this sort of blog is aware that the ransomware epidemic is totally out of control. Colonial just paid $5 million in Bitcoin to get their data (and our gas) released. But this is by no means an isolated event. Ransomware attacks have been proliferating both in number and size of ransom for a while. Earlier in May, former CISA Director Chris Krebs told the House Cybersecurity Subcommittee that we are on the cusp of a world-wide ransomware pandemic fueled by greed.

Solarium Chairs are Right: We Need a Cyber Social Contact

Posted on May 12, 2021 at 1:30 pm

Cyberspace Solarium Commission co-chairs Sen. Angus King (I-ME) and Rep. Mike Gallagher (R-WI) said Monday that the Colonia Pipeline attack “underscores the vulnerability of our national critical infrastructure in cyberspace and “the disruption is a clear example of the need to create a new social contract between the Federal government and systemically important critical infrastructure,”

Rethinking Cybersecurity: An Idea Not Running Out of Gas

Posted on May 11, 2021 at 10:00 am

Although the massive cyberattack on Colonial Pipeline is depriving the East Coast of energy and driving gas prices up, it ironically is adding fuel to the notion that it is time to rethink our nation’s approach to cybersecurity – because what we are currently doing isn’t working. In the pivotal scene in the classic movie […]

New Federal CISO “Passionate” for Regulatory Streamlining: Action Required

Posted on May 7, 2021 at 10:30 am

At a recent meeting of the IT Sector Coordinating Council, the new U.S. Government’s Chief Information Security Officer, Chris DeRusha, welcomed a question about the extent of redundant and conflicting cybersecurity regulations that impair both state and local governments and the private sector from efficiently addressing cyber threats. Mr. DeRusha told the Council that he has long been “passionate” about the need to streamline
cybersecurity regulations dating back to his days as the Chief Information Officer for the State of Michigan.


Posted on May 3, 2021 at 10:37 am

The Internet Security Alliance (ISA) is writing to the House and Senate Committees on Appropriations in support of President’ Biden’s FY’2022 budget, as a minimum level for federal cybersecurity spending in the coming year.