
INTERNET SECURITY ALLIANCE

Daily Cybersecurity Blog

Biden Budget is Minimum Needed for Cybersecurity

Dear Members of the House and Senate Appropriations Committees: The Internet Security Alliance (ISA) is writing in support of using President Biden’s FY 2022 budget as a minimum level for federal cybersecurity spending in the coming year. It is ISA’s steadfast belief that the funding requirements for federal spending on cybersecurity should not be assessed primarily by using our past funding as a baseline. It is a common misconception that the root cause of our cyber insecurity is that there is something wrong with the technologies. However, the problem isn’t that the technologies are flawed – it is that the technologies are under attack. As a result, we would urge the Committee

Read More

Recent Posts

WOULD YOU BUILD ROADS YOU KNEW WERE UNSAFE?

President Biden’s massive infrastructure proposal – dubbed infrastructure for the digital age – includes a wide variety of items not traditionally thought of as infrastructure such as home health care, as well as some items that are very much digital infrastructure such as $650 million for expanded broadband networks.

Read More »

CISA TO CONGRESS: SHOW ME THE MONEY!!!

“We need to rethink our approach to managing cybersecurity,” said Cybersecurity and Infrastructure Security Agency (CISA) Acting Director Brandon Wales at a House Appropriations Homeland Security Subcommittee hearing last week.

Read More »

The Cyber Policy Path Forward

Guest Blog: Robert Mayer, USTelecom’s Senior Vice President of Cybersecurity & Innovation. There can be no clearer evidence of the need for industry and government

Read More »

A NEW ROLE FOR MILITARY IN NATION STATE CYBER ATTACKS

As Commander-in-Chief, the President is the ultimate strategic player in defending the country. Merriam-Webster defines warfare as military operations between enemies, also: an activity undertaken by a political unit (such as a nation) to weaken or destroy another

Read More »

TIME TO DO SOMETHING ABOUT CYBER CRIME

For the past two weeks we have been documenting the enormous costs of cyber-crime and the total lack of effective action to address it. Without repeating the staggering statistics, the evidence shows demonstrably that cyber criminals are getting filthy rich, their businesses are expanding and innovating, and there is virtually no chance that virtually any of the criminals are going to be held responsible.

Read More »

Legal Structures are a Barrier to Fighting Cybercrime

International jurisdictional disputes often keep law enforcement from operating effectively. What may be legal in one country may not be legal in the U.S. and may be treated differently in a third country. In these instances where cybercriminals are at large internationally, countries require extradition agreements. The U.S. has many such agreements, but currently does not have them with China or Russia.

Read More »

DISORGANIZED LAW ENFORCEMENT AT THE CAPITOL: JUST LIKE CYBER

The lead story in today’s New York Times on the investigation into the January 6 attack on the U.S. Capitol reports that yesterday’s Senate hearing “also showed that the overlapping jurisdiction of the Capitol Police, District of Columbia government and other agencies created utter confusion that hindered attempts to stop the assault.”

Read More »

THE FEDS SHOULD LEARN FROM THE PRIVATE SECTOR IN FIGHTING CYBER CRIME

CrowdStrike just posted their latest research on cybercrime and found that intrusions threatening organizations’ cybersecurity across the globe grew – not 25 percent – but 400 percent in 2019 and 2020 combined. Nearly four out of five of those compromises in 2020 stemmed from cybercriminals, and attacks are unlikely to let up in 2021.

Read More »

PUBLIC-PRIVATE PARTNERSHIP: PARENT-CHILD OR MARRIAGE?

“We are all in this together” has become one of the major narratives of the COVID era. The notion is that the virus can attack any one of us – we are all essentially targets – and by protecting ourselves we are also protecting our friends and neighbors.

Read More »

WHY IS CYBER LAW ENFORCEMENT FAILING SO BADLY? (Part I)

The classic TV drama Dragnet was famous for Lieutenant Joe Friday’s straightforward instruction to witnesses: “Just the facts, Ma’am.” So, let’s look at the facts with respect to cybercrime. The World Health Organization (WEF) currently estimates cybercrime as having revenues over $2 trillion a year.

Read More »

Cyber Regulations Are Counter-Productive to True Security

The old model simply doesn’t work. All this analysis is not to impugn the policy makers who created it or, more precisely, attempted to adapt it to the cyber environment. Faced with the quickening apparent threat from cyber-attacks, policy makers naturally went to their “go-to” option, using the independent agency model designed to address the hot technology of the 19th century – railroads. It was pretty much all they had.

Read More »

Some Reasons Why Cyber Regulation Doesn’t Work

In previous posts we have documented that independent research shows that even the most highly regulated industries for cybersecurity such as health care and financial services are not achieving adequate levels of cybersecurity, and in fact don’t score better on security effectiveness than less regulated sectors like IT and professional services. We have also documented that even the highly regulated federal government sector scores poorly with respect to cybersecurity effectiveness.

Read More »

WHY IS CYBERSECURITY INCLUDED IN THE COVID RELIEF BILL?

As we all know, in addition to massive death and social destruction, the pandemic has also brought economic collapse on many dimensions. Our economy, like just about everything else, is ultimately reliant on cyber systems. If the purpose of the legislation on the Senate floor is COVID relief, then that needs to include making sure our economy recovers, and our economy cannot recover unless the core systems of the economy – which in the 21st century are cyber – also recover.

Read More »

If Government Can’t Regulate Itself, how can it Regulate Industry?

The foundational assumption of the expert agency regulatory model is that government knows what to do; all that is needed is to compel a recalcitrant private sector to follow government mandates. There is no evidence that government has attained that degree of expertise in cybersecurity. In fact, the data suggest the opposite.

Read More »

NEW CYBER PRINCIPLE SPEAKS TO “SOLARWINDS” STYLE ATTACKS

Today the World Economic Forum, in collaboration with the National Association of Corporate Directors, the Internet Security Alliance and PWC, is publishing a new set of principles for boards of directors to follow in exercising their duty of cyber risk oversight. While a number of these principles will be familiar to those who have followed the ISA/NACD work, one important additional principle has been added.

Read More »