RSA REPORT ON SECURE BY DESIGN — WE NEED AN HOV LANE

Posted on April 26, 2023 at 8:00 am

One of the many activities at RSA this week has been a series of meetings on how exactly CISA can implement the big idea in the Biden Administration’s new national cybersecurity strategy, shifting the focus on cyber from the user to the providers of cyber technology. Much of the talk around the new strategy has […]


WHAT IS BEST FOR SEC ON CYBER? OLD STYLE REGS OR NACD MODEL?

Posted on April 5, 2023 at 9:41 am

To begin with, we know the cyber risk oversight model described in the NACD-ISA Cyber Risk Handbook actually enhances cybersecurity. We also know there is no proof the SEC's proposed regulations, which have already been tried in multiple venues, will enhance cybersecurity or protect investors. In fact, the NACD-ISA handbook is the only set of […]


INDEPENDENT REVIEW OF FIXING AMERICAN CYBERSECURITY

Posted on March 31, 2023 at 9:14 am

A Review of Fixing American Cybersecurity, Edited by Larry Clinton and Foreword by Kiersten Todt. This entry was posted in Book Review, Cybersecurity on March 30, 2023 by Steven Bowcut. In an era of growing cyber threats and increasing data breaches, the need for robust cybersecurity measures has never been greater. Against this backdrop, Larry Clinton’s new book, “Fixing American Cybersecurity: Creating […]


SEC NEEDS A CYBER MODEL THAT WORKS

Posted on March 30, 2023 at 9:29 am

Writing in the February edition of Foreign Affairs, CISA Director Jen Easterly called for “a new model” for cybersecurity. A month later, President Biden released a new national strategy for cybersecurity which he said would “realign incentives in favor of long-term investment.” When releasing the new strategy, acting WH Director for Cybersecurity Kemba Walden said, […]


The SEC: The Elephant in the New National Cyber Strategy

Posted on March 27, 2023 at 11:28 am

The Biden Administration’s new National Cybersecurity Strategy is an important first step toward improving our nation’s cybersecurity. This strategy, unlike the numerous others that have been unveiled over the past 20 years, adopts ISA’s core argument that we cannot create a sustainably secure cyber system until we rebalance the incentives for cyber-attacks. ISA is not […]


FIRST DO NO HARM: THE MANTRA FOR NEW CYBER REGULATION

Posted on March 15, 2023 at 9:17 pm

The traditional regulatory model – when applied to cybersecurity – is actually anti-security. For all the discussion around the Biden Administration’s new cyber strategy generating new regulations, this one simple fact remains. There is no evidence the cyber regs are working. The real question is not so much how many new regulations there ought to […]


WHY CYBER REGULATIONS IN NATIONAL STRATEGY MAY NOT WORK

Posted on March 6, 2023 at 10:21 am

The new National Cybersecurity Strategy released last week calls for intensified federal regulation on IT providers, while presumably shifting regulatory focus away from technology users (we will see what the regulatory agencies and the SEC have to say about that last part). The strategy asserts “regulation can level the playing field enabling healthy competition without […]


THREE QUICK STEPS TO IMPLEMENT THE NATIONAL CYBER STRATEGY (NOT WHAT YOU THINK)

Posted on March 3, 2023 at 10:00 am

There are probably various government agencies where regulators have already sharpened their virtual pencils, preparing to write up some new regulations to go along with the new National Cybersecurity Strategy released yesterday. Please put down your pens. That is not where implementation of the new strategy needs to begin. While much of the conversation about the […]


IS REGULATION THE ANSWER TO OUR CYBERSECURITY PROBLEM (PART I)

Posted on March 1, 2023 at 9:23 am

There is a common misconception that cybersecurity regulation has not been tried, and that, if only there was federal regulation of cyberspace, we would have a more secure environment. The facts don’t bear out this assertion. In our next two posts, we will first lay out the empirical evidence that cyber regulation does […]


IS THE CYBERSECURITY PROBLEM ONE ABOUT TECH OR ECONOMICS?

Posted on February 27, 2023 at 10:14 am

Spoiler alert: It’s both.  However, virtually all of our efforts to address our cybersecurity problems have focused on the tech side and virtually none on the underlying economics of cybersecurity.  This has led to an unbalanced and ineffective government response in “providing for the common defense” in the cyber infrastructure. In their classic work, The […]