TWENTY-FIVE WAYS TO ENHANCE CYBERSECURITY WITHOUT NEW REGULATIONS 

Absent a few notable exceptions, traditional regulation has not worked to improve our cybersecurity. There are multiple reasons why it generally doesn’t improve security and is often actually counterproductive, which we (ISA) describe in our recent book Fixing American Cybersecurity: Creating a Strategic Public Private Partnership (Georgetown University Press 2023), so we won’t detail them […]

STREAMLINING CYBERSECURITY REGULATION: AN ELEGANT SOLUTION

In science and public policy, a principal goal is to develop an elegant solution. Elegance is generally defined as the simplest statement that most completely solves the problem. The quintessential example of scientific elegance is Einstein’s explanation of the theory of relativity, E=mc². Beautiful. The Biden Administration has just released its proposal to address the […]

Cyber Director Position Remains Vacant: ISA Urges a New Strategy for Cybersecurity

In an increasingly interconnected world, cybersecurity has become a paramount concern for governments, businesses, and individuals alike. The Government Accountability Office (GAO) recently published an article titled “Cybersecurity: Actions Needed to Address Challenges and Improve the Federal Government’s Management of Cybersecurity Risks,” shedding light on the critical issues facing our nation’s cybersecurity efforts. To address […]

ISA APPLAUDS DOD EFFORTS TO HELP SMALL COMPANIES ON COLLECTIVE DEFENSE — MORE WORK ON INCENTIVES NEEDED 

BY LARRY CLINTON AND ANNA MISKELLY

As the Pentagon’s Cybersecurity Maturity Model Certification (CMMC) program rulemaking looms over the defense industrial base (DIB), the Pentagon released a two-page fact sheet highlighting free services offered to companies to help reach compliance. Services such as Project Spectrum and the Blue Cyber Initiative focus on small businesses, targeting […]

Congress Taking Steps to Address the Biggest Technological Threat of Our Time

By Larry Clinton and Sarah Harmon

This past week, the House Armed Services Committee approved amendment language for the proposed 2024 National Defense Authorization Act (NDAA) to bolster our country’s cybersecurity and emerging technology programs next year. These changes aim to improve the U.S.’s ability to compete with China across several technology sectors, with a […]

QUESTIONS FOR THE BOARD TO CONSIDER IN USING AI

It took Netflix two and a half years to reach 1 million users. Facebook did it in 10 months. ChatGPT did it in 5 days. Just as the Internet fundamentally disrupted business plans a decade ago, so, too, is generative artificial intelligence now changing the world – only at a far accelerated pace. Management teams […]

VIRTUAL CYBER ACADEMY WOULD SOLVE WORKFORCE ISSUE AND HELP REDUCE THE DEFICIT

An analysis of the proposal to create a national, virtual, cybersecurity academy shows that creating the academy would not only solve the federal government’s cybersecurity workforce problem in less than 4 years but would create savings that allow the program to pay for itself – and even contribute to reducing the federal budget deficit. The […]

CHINA BEATING US ON TECH STANDARDS – BIDEN NATIONAL STRATEGY NEEDED

What could possibly be less sexy than setting technical standards? It’s a tough question, I’ll give you a minute. Maybe, writing about setting technical standards? But it’s one of those jobs that absolutely HAS to be done. Obviously, the technical standards are the building blocks of the digital world. If the standards are not done […]

RSA REPORT ON SECURE BY DESIGN — WE NEED AN HOV LANE

One of the many activities at RSA this week has been a series of meetings on how exactly CISA can implement the big idea in the Biden Administration’s new national cybersecurity strategy, shifting the focus on cyber from the user to the providers of cyber technology. Much of the talk around the new strategy has […]

WHAT IS BEST FOR SEC ON CYBER? OLD STYLE REGS OR NACD MODEL?

To begin with, we know the cyber risk oversight model described in the NACD-ISA Cyber Risk Handbook actually enhances cybersecurity. We also know there is no proof the SEC’s proposed regulations, which have already been tried in multiple venues, will enhance cybersecurity or protect investors. In fact, the NACD-ISA handbook is the only set of […]