INTERNET SECURITY ALLIANCE

Daily Cybersecurity Blog

A RISK-BASED APPROACH TO NATIONAL CYBERSECURITY

ISA congratulates CISA’s National Risk Management Center and Director Kolasky for this vitally needed initiative. The SolarWinds attacks have brought to everyone’s attention the need to rethink how we are conceptualizing cyber-attacks. As we have pointed out in numerous blogs over the past two months, the SolarWinds attack is a paradigm shift that makes future attacks all the more dangerous and difficult to address. This evolution in attack method also highlights that traditional methods such as regulatory mandates on entities are ill-suited to address these newer attacks. ISA is delighted NRMC is undertaking this initiative and pledges its support and cooperation. In point of fact the private sector probably has far more information

Recent Post

CYBER REGULATION HAS BEEN TRIED AND IT DOESN’T WORK

In previous posts we have argued that the traditional regulatory model is ill-suited to address the nature of threats we see in cyberspace. It is too slow, too reactive and static, and it sets minimums when what we need is a dynamic model equipped to grow with the ever-evolving threat.

ANALOG SECURITY METHODS ARE ILL-SUITED TO DIGITAL PROBLEMS

If anything characterizes the 21st century, it is speed and change. A generation ago, people most typically had one phone in their house for their lifetime. Now we change phones (smart phones) every couple of years – at least. Waiting a FULL TWO SECONDS for a computer, or app, to download is, let’s face it, very annoying.

TO ADDRESS SYSTEMIC CYBER RISK – FOLLOW THE MONEY, AGAIN

In the early blogs in this series we illustrated that one of the major reasons we have not made substantial progress in securing cyberspace over the past 30 years is that we have generally thought of cyber risk primarily in technical/operational terms, and largely ignored the economic causes for most cyber-attacks.

IMPORTANT DHS STEPS ON SYSTEMIC CYBER RISK BUT MORE WORK NEEDED

Recognizing the industry interplay, DHS recently moved to a new model based on an industry-determined, function-based framework. Taking a functional view widens the lens to move closer to this interconnected, multi-industry reality. Under the leadership of the Cybersecurity & Infrastructure Security Agency (CISA), has a comprehensive program to:

“SMALLER” SYSTEMIC CYBER ATTACKS ARE HAPPENING – IT WILL GET WORSE

The world was caught by surprise in May 2017 by the WannaCry ransomware attack. In June of the same year, a more damaging attack – NotPetya – infected many major global corporations, leading to IT infrastructure damage and business disruption. The two events caused over $10 billion of economic loss and serve as a dramatic reminder of the potential for cyber-attacks of a systemic nature to cause damage at scale.

CONGRESS DOES TWO THINGS WELL: NOTHING & OVERREACT

The man who founded the organization I work for, the Internet Security Alliance, was Dave McCurdy. Mr. McCurdy was the former Chair of the House Intelligence Committee. Dave was fond of reminding people, “Congress does two things well: Nothing and overreact.”

MR. BIDEN: ON CYBERSECURITY — SHOW US THE MONEY

President-elect Joe Biden’s response to the Russian cyber-attack, which could turn out to be the most serious security breach since World War II, was his vow that “I will not stand by idly in the face of cyber assaults on our country.”

LESSONS LEARNED FROM RUSSIAN HACK: WE NEED TO RETHINK OUR APPROACH

There are actually many lessons to be learned from the largest and most sophisticated cyber-attack to date, reported in the New York Times Sunday, but perhaps the most basic is that what we are doing now to protect ourselves in cyberspace isn’t working. We need to rethink our approach to cybersecurity.

Chinese Tech: Spying Around the World They Just Can’t No

In earlier posts we documented that China, through its comprehensive digital policies – largely articulated in its Belt and Road and Digital Silk Road initiatives – has launched a comprehensive program to embed its technologies around the world. We have also indicated that this program has already succeeded throughout much of the world, placing the West in general, and the USA in particular, at a substantial geo-political disadvantage.
