STOP BLAMING THE VICTIM: 7 PRINCIPLES SECURE BY DESIGN & DEFAULT 

Posted on September 14, 2023 at 5:00 am

Introduction by ISA President Larry Clinton The reality is that we are losing the fight to sustainably secure our cyber networks – and losing badly. This means we need to change the way we have been approaching the issue. That begins by stopping the blame game focusing on the victims of cyber-attack and beginning to […]


VIRTUAL CYBER ACADEMY WOULD SOLVE WORKFORCE ISSUE AND HELP REDUCE THE DEFICIT

Posted on May 11, 2023 at 5:34 pm

An analysis of the proposal to create a national, virtual, cybersecurity academy shows that creating the academy would not only solve the federal government’s cybersecurity workforce problem in less than 4 years but would create savings that allows the program to pay for itself – and even contribute to reducing the federal budget deficit. The […]


Joint Letter from ISA and AGB to House and Senate Appropriations Committee

Posted on April 9, 2023 at 9:57 pm

Dear Congressional Members of the House and Senate Appropriations Committees: We are writing to urge the House and Senate Appropriations Committees in the fiscal year (FY) 2024 appropriations bill to include $200 million for the Department of Defense Cyber and Digital Service Academy (the Academy) that was authorized in the FY 2023 National Defense Authorization […]


INDEPENDENT REVIEW OF FIXING AMERICAN CYBERSECURITY

Posted on March 31, 2023 at 9:14 am

A Review of Fixing American Cybersecurity, Edited by Larry Clinton and Foreword by Kiersten Todt This entry was posted in Book ReviewCybersecurity on March 30, 2023 by Steven Bowcut In an era of growing cyber threats and increasing data breaches, the need for robust cybersecurity measures has never been greater. Against this backdrop, Larry Clinton’s new book, “Fixing American Cybersecurity: Creating […]


SEC NEEDS A CYBER MODEL THAT WORKS

Posted on March 30, 2023 at 9:29 am

Writing in the February edition of Foreign Affairs CISA Director Jen Easterly called for “a new model” for cybersecurity.  A month later President Biden released a new national strategy for cybersecurity which he said would “realign incentives in favor of long-term investment. When releasing the new strategy acting WH Director for Cybersecurity Kemba Waldon said, […]


FIRST DO NO HARM: THE MANTRA FOR NEW CYBER REGULATION

Posted on March 15, 2023 at 9:17 pm

The traditional regulatory model – when applied to cybersecurity – is actually anti-security. For all the discussion around the Biden Administration’s new cyber strategy generating new regulations, this one simple fact remains. There is no evidence the cyber regs are working. The real question is not so much how much new regulations there ought to […]


WHY CYBER REGULATIONS IN NATIONAL STRATEGY MAY NOT WORK

Posted on March 6, 2023 at 10:21 am

The new National Cybersecurity Strategy released last week calls for intensified federal regulation on IT providers, while presumably shifting regulatory focus away from technology users (we will see what the regulatory agencies and the SEC has to say about that last part). The strategy asserts “regulation can level the playing field enabling healthy competition without […]


THREE QUICK STEPS TO IMPLEMENT THE NATIONAL CYBER STRATEGY (NOT WHAT YOU THINK)

Posted on March 3, 2023 at 10:00 am

There are probably various government agencies where regulators have already sharpened their virtual pencils preparing to write up some new regulations go along with the new National cybersecurity strategy released yesterday. Please put down your pens.  That is not where implementation of the new strategy needs to begin.  While much of the conversation about the […]


IS REGULATION THE ANSWER TO OUR CYBERSECURITY PROBLEM (PART I)

Posted on March 1, 2023 at 9:23 am

There is a is a common misconception that cybersecurity regulation has not been tried, and that, if only there was federal regulation of cyberspace, we would have a more secure environment. The facts don’t bear out this assertion.  In our next two posts, we will first lay out the empirical evidence that cyber regulation does […]


IS THE CYBERSECURITY PROBLEM ONE ABOUT TECH OR ECONOMICS?

Posted on February 27, 2023 at 10:14 am

Spoiler alert: It’s both.  However, virtually all of our efforts to address our cybersecurity problems have focused on the tech side and virtually none on the underlying economics of cybersecurity.  This has led to an unbalanced and ineffective government response in “providing for the common defense” in the cyber infrastructure. In their classic work, The […]