Posted on May 11, 2023 at 5:34 pm
An analysis of the proposal to create a national, virtual, cybersecurity academy shows that creating the academy would not only solve the federal government’s cybersecurity workforce problem in less than 4 years but would create savings that allows the program to pay for itself – and even contribute to reducing the federal budget deficit. The […]
Posted on May 9, 2023 at 8:31 am
What could possibly be less sexy than setting technical standards? It’s a tough question, I’ll give you a minute. Maybe, writing about setting technical standards? But it’s one of those jobs that absolutely HAS to be done. Obviously, the technical standards are the building blocks of the digital world. If the standards are not done […]
Posted on April 26, 2023 at 8:00 am
One of the many activities at RSA this week has been a series of meetings on how exactly CISA can implement the big idea in the Biden Administration’s new national cybersecurity strategy, shifting the focus on cyber from the user to the providers of cyber technology. Much of the talk around the new strategy has […]
Posted on April 9, 2023 at 9:57 pm
Dear Congressional Members of the House and Senate Appropriations Committees: We are writing to urge the House and Senate Appropriations Committees in the fiscal year (FY) 2024 appropriations bill to include $200 million for the Department of Defense Cyber and Digital Service Academy (the Academy) that was authorized in the FY 2023 National Defense Authorization […]
Posted on April 5, 2023 at 9:41 am
To begin with, we know the cyber risk oversight model described in the NACD-ISA Cyber Risk Handbook actually enhances cybersecurity. We also know there is no proof the SEC proposed regulations, which have already been tried in multiple venues, will enhance cybersecurity or protect investors. In fact, the NACD-ISA handbook is the only set of […]
Posted on March 30, 2023 at 9:29 am
Writing in the February edition of Foreign Affairs CISA Director Jen Easterly called for “a new model” for cybersecurity. A month later President Biden released a new national strategy for cybersecurity which he said would “realign incentives in favor of long-term investment. When releasing the new strategy acting WH Director for Cybersecurity Kemba Waldon said, […]
Posted on March 27, 2023 at 11:28 am
The Biden Administration’s new National Cybersecurity Strategy is an important first step toward improving our nation’s cybersecurity. This strategy, unlike the numerous others that have been unveiled over the past 20 years, adopts ISA’s core argument that we cannot create a sustainably secure cyber system until we rebalance the incentives for cyber-attacks. ISA is not […]
Posted on March 15, 2023 at 9:17 pm
The traditional regulatory model – when applied to cybersecurity – is actually anti-security. For all the discussion around the Biden Administration’s new cyber strategy generating new regulations, this one simple fact remains. There is no evidence the cyber regs are working. The real question is not so much how much new regulations there ought to […]
Posted on March 6, 2023 at 10:21 am
The new National Cybersecurity Strategy released last week calls for intensified federal regulation on IT providers, while presumably shifting regulatory focus away from technology users (we will see what the regulatory agencies and the SEC has to say about that last part). The strategy asserts “regulation can level the playing field enabling healthy competition without […]
Posted on February 27, 2023 at 10:14 am
Spoiler alert: It’s both. However, virtually all of our efforts to address our cybersecurity problems have focused on the tech side and virtually none on the underlying economics of cybersecurity. This has led to an unbalanced and ineffective government response in “providing for the common defense” in the cyber infrastructure. In their classic work, The […]