CISA’s Todt, in foreword to new book, cites need for industry incentives and strengthened partnerships

January 31, 2023

By Charlie Mitchell / January 31, 2023

CISA chief of staff Kiersten Todt provides the foreword to a new book on cybersecurity strategy by Internet Security Alliance leader Larry Clinton, saying a focus on economic incentives for industry cyber improvements is an essential part of “a strong, actionable approach to industry/government collaboration.”

“We need bold action to ensure that the United States leads the world in building a resilient, complex, and secure ecosystem, grounded in economic incentives and practices and creating cultures of both innovation and responsible stewardship,” Todt writes in “Fixing American Cybersecurity: Creating a Strategic Public-Private Partnership.”

The new book was spearheaded by ISA president Larry Clinton and includes multiple contributors. It was published this week by Georgetown University Press and is available on Amazon.

“By 2020 data outpaced oil as the world’s most valuable commodity. This shift poses two pressing questions: If data is our most valuable commodity, why does it sit on an insecure Internet? And why is the USA falling behind in cybersecurity on the global stage?” Todt writes in the foreword.

“To answer these urgent questions – and more importantly, to develop solutions that address not only current cyber threats but also the growing and evolving ones we have yet to identify – it is vital to analyze not just the technological and political dimensions of this complex issue, but also its economics,” she writes.

The new book “fills a critical strategic gap,” Todt says.

She writes, “The global competitive dimension of our cyber vulnerability comes into sharp focus in the authors’ in-depth discussion of how China is winning the global race to collect data, by any and all means necessary. Meanwhile, the United States has failed to create the kinds of market incentives to accompany technological innovation that would ensure the security of data is prioritized and does not so easily fall victim to China’s practices.”

“This book,” Todt says, “effectively uses the experiences of infrastructure sectors to highlight the key challenges confronting this growing and evolving systemic risk, but also as a means for understanding where solutions lie, including how we define critical infrastructure.”

Prior to joining CISA, Todt was executive director of the Cyber Readiness Institute, which focuses on providing cyber tools to smaller entities, and was executive director of former President Obama’s Bipartisan Commission on Enhancing National Cybersecurity.

The new book is part of a package that includes the upcoming fourth edition of the “Cyber Risk Oversight Handbook for Corporate Boards,” a joint publication of ISA and the National Association of Corporate Directors coming in March, and a “companion volume” to the handbook that outlines implementation steps.

“I’m delighted to announce that this week the Internet Security Alliance will launch its Fixing American Cybersecurity campaign,” Clinton said in a press release. “Taken together the books define a new coordinated and more strategic approach to both public policy and enterprise risk management including very specific steps on both domains of cybersecurity many of which have already been independently assessed and found to work.”

Clinton says, “The title of the policy book is quite intentional and straightforward. The nearly two dozen cybersecurity experts, typically CISOs from multiple critical industry sectors, who contributed to the volumes have collectively come to the conclusion that the USA urgently needs to fix its severe and growing cybersecurity problem. Moreover, the only viable answer is to create a strategic public private partnership – something that, rhetoric notwithstanding, we have never done before.”

The new book covers the economics of cyber, crafting a digital strategy, why current programs fail to achieve the goal of security, “Creating a Modern Structure to Address the Threat,” and incentives, as well as cyber in specific sectors including health care, defense, financial services, telecom, information technology, utility distribution, and retail. – Charlie Mitchell