Regulation of Cybersecurity Has Been Tried and It Doesn’t Work

Posted on January 21, 2022 at 12:11 pm

By Larry Clinton

The focus of the current series of posts is to suggest the need for new directions in cybersecurity policy. Put succinctly, it’s not just that we need to do cybersecurity better – it’s that we need to do cybersecurity differently. Why? Because we are getting killed out there. Cybercriminals generate roughly $2 trillion […]


Playoffs Time: What Can Cyber Policymakers Learn from the NFL?

Posted on January 17, 2022 at 1:07 pm

This blog series began by asserting that in the new year, given the obvious ineffectiveness of our current cyber policies, it’s time for policymakers to begin focusing on issues that might really matter in terms of creating a sustainably secure system. We then moved forward to identify two major areas where government could really make a […]


New Year’s Cyber Resolution: Modernize Cyber Law Enforcement

Posted on January 14, 2022 at 11:48 am

By Larry Clinton

In this series of posts, we have been arguing that now is a time to rethink our efforts to create a sustainably secure cyber ecosystem. The core notion of this rethinking would be to, finally, begin focusing more on programmatic changes that will truly impact the security of cyberspace, as opposed to the […]


New Year’s Cyber Policy Resolution #1: Get Serious About Workforce Development

Posted on January 10, 2022 at 11:29 am

By Larry Clinton

Last week, we discussed that we needed to make a New Year’s resolution to start talking about things that really matter for cybersecurity. One area that really matters if we’re serious about improving our cybersecurity is addressing the current workforce shortage. We can never adequately secure our cyber systems unless […]


A NEW YEAR’S CYBER RESOLUTION: LET’S START TALKING ABOUT THINGS THAT REALLY MATTER

Posted on January 3, 2022 at 11:51 am

By Larry Clinton, President and CEO, Internet Security Alliance

I have to say I’m disappointed the language requiring more stringent timelines for reporting cyber events to the government didn’t make it into the National Defense Authorization Act (NDAA). I’m not disappointed because I have strong feelings one way or another about that provision – to […]


GUEST BLOG: U.S. Acts against Huawei and ZTE, Allies Disadvantaged in Replicating “Rip and Replace”

Posted on September 2, 2021 at 11:00 am

By Sarina Krantzler, ISA Research Associate

“The greatest victory is that which requires no battle” – Sun Tzu, The Art of War

In the previous discussion, China’s 14th Five-Year Plan was summarized to capture relevant aspects of dual circulation, the Digital Silk Road (DSR), and the Belt Road Initiative (BRI) that aim to advance China as […]


GUEST BLOG: China’s Digital Strategy Threatens U.S. National Security & Diplomatic Partnerships

Posted on August 31, 2021 at 11:00 am

By Sarina Krantzler, ISA Research Associate

This post is the first of two blogs concerning China’s Digital Strategy.

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If […]


CYBERSECURITY: STAKEHOLDERS OR PARTNERS? RETURN ON REPORTING?

Posted on August 30, 2021 at 11:47 am

This week the House Homeland Security Cyber Subcommittee will hold a hearing on one of the hottest legislative topics in the field, entitled “Stakeholder Perspectives on the Cyber Incident Reporting for Critical Infrastructure Act of 2021.” The witnesses will include representatives from IT, Telecommunications, and financial services industries – all major players in the so-called, […]


Rethinking Ransomware: We Can Win If We Want To

Posted on June 29, 2021 at 10:11 am

I’m sure everyone reading this blog knows that about 2 months ago, Colonial Pipeline was hit with a ransomware attack and paid $4.4 million. Just a few weeks later, the FBI announced that it had recovered about half the ransom. What does that prove? It proves our law enforcement agencies can achieve significant successes […]


Rethinking Cyber Regulation Part II: Creating A Risk-Based Regulatory System

Posted on June 22, 2021 at 10:00 am

In our previous post, we noted that the new National Cyber Director’s office, which is charged with coordinating federal cyber policy, ought to begin that effort by evaluating and coordinating current cyber regulation. We pointed to studies (including government studies) that showed that from 40 to 70 percent of federal cyber regulation – including regulation imposed on states and localities – is redundant and/or conflicting, thus wasting scarce cyber resources.