
INTERNET SECURITY ALLIANCE

Daily Cybersecurity Blog

Solarium Chairs are Right: We Need a Cyber Social Contract

Cyberspace Solarium Commission co-chairs Sen. Angus King (I-ME) and Rep. Mike Gallagher (R-WI) said Monday that the Colonial Pipeline attack “underscores the vulnerability of our national critical infrastructure in cyberspace” and “the disruption is a clear example of the need to create a new social contract between the Federal government and systemically important critical infrastructure.”


Recent Posts

THE FEDS SHOULD LEARN FROM THE PRIVATE SECTOR IN FIGHTING CYBER CRIME

CrowdStrike just posted their latest research on cybercrime and found that intrusions threatening organizations’ cybersecurity across the globe grew – not 25 percent – but 400 percent in 2019 and 2020 combined. Nearly four out of five of those compromises in 2020 stemmed from cybercriminals, and attacks are unlikely to let up in 2021.


PUBLIC-PRIVATE PARTNERSHIP: PARENT-CHILD OR MARRIAGE?

“We are all in this together” has become one of the major narratives of the COVID era. The notion is that the virus can attack any one of us – we are all essentially targets – and by protecting ourselves we are also protecting our friends and neighbors.


WHY IS CYBER LAW ENFORCEMENT FAILING SO BADLY? (Part I)

The classic TV drama Dragnet was famous for Lieutenant Joe Friday’s straightforward instruction to witnesses: “Just the facts, Ma’am.” So, let’s look at the facts with respect to cybercrime. The World Economic Forum (WEF) currently estimates cybercrime as having revenues of over $2 trillion a year.


Cyber Regulations Are Counter-Productive to True Security

The old model simply doesn’t work. This analysis is not meant to impugn the policy makers who created it, or more precisely attempted to adapt it, to the cyber environment. Faced with a rapidly growing apparent threat from cyber-attacks, policy makers naturally went to their “go-to” option: the independent agency model designed to address the hot technology of the 19th century – railroads. It was pretty much all they had.


Some Reasons Why Cyber Regulation Doesn’t Work

In previous posts we have documented that independent research shows that even the most highly regulated industries for cybersecurity such as health care and financial services are not achieving adequate levels of cybersecurity, and in fact don’t score better on security effectiveness than less regulated sectors like IT and professional services. We have also documented that even the highly regulated federal government sector scores poorly with respect to cybersecurity effectiveness.


WHY IS CYBERSECURITY INCLUDED IN THE COVID RELIEF BILL?

As we all know, in addition to massive death and social destruction, the pandemic has also brought economic collapse on many dimensions. Our economy, like just about everything else, is ultimately reliant on cyber systems. If the purpose of the legislation on the Senate floor is COVID relief, then that needs to include making sure our economy recovers, and our economy cannot recover unless the core systems of the economy – which in the 21st century are cyber – also recover.


If Government Can’t Regulate Itself, how can it Regulate Industry?

The foundational assumption of the expert agency regulatory model is that government knows what to do; all that is needed is to compel a recalcitrant private sector to follow government mandates. There is no evidence that government has attained that degree of expertise in cybersecurity. In fact, the data suggest the opposite.


NEW CYBER PRINCIPLE SPEAKS TO “SOLARWINDS” STYLE ATTACKS

Today the World Economic Forum, in collaboration with the National Association of Corporate Directors, the Internet Security Alliance and PwC, is publishing a new set of principles for boards of directors to follow in exercising their duty of cyber risk oversight. While a number of these principles will be familiar to those who have followed the ISA/NACD work, one important additional principle has been added.


CYBERSECURITY IS EASY AS NIST — NOT!

Virtually any proposed solution to the cybersecurity problem that begins with the phrase “All you have to do…” is almost certainly wrong. Despite what some marketers of their secret formulas and special sauce may claim, cybersecurity is a difficult problem to address sustainably.


CYBER REGULATION HAS BEEN TRIED AND IT DOESN’T WORK

In previous posts we have argued that the traditional regulatory model is ill-suited to address the nature of threats we see in cyberspace. It is too slow, too reactive, static and it sets minimums when what we need is a dynamic model equipped to grow with the ever-evolving threat.


ANALOG SECURITY METHODS ARE ILL-SUITED TO DIGITAL PROBLEMS

If anything characterizes the 21st century it is speed and change. A generation ago people most typically had one phone in their house for their lifetime. Now we change phones (smartphones) every couple of years – at least. Waiting a FULL TWO SECONDS for a computer, or app, to download is, let’s face it, very annoying.


TO ADDRESS SYSTEMIC CYBER RISK – FOLLOW THE MONEY, AGAIN

In the early blogs in this series we illustrated that one of the major reasons we have not made substantial progress in securing cyberspace over the past 30 years is that we have generally thought of cyber risk primarily in technical/operational terms, and largely ignored the economic causes of most cyber-attacks.


IMPORTANT DHS STEPS ON SYSTEMIC CYBER RISK BUT MORE WORK NEEDED

Recognizing the industry interplay, DHS recently moved to a new model based on an industry-determined, function-based framework. Taking a functional view widens the lens to move closer to this interconnected, multi-industry reality. Under the leadership of the Cybersecurity & Infrastructure Security Agency (CISA), DHS has a comprehensive program to:


“SMALLER” SYSTEMIC CYBER ATTACKS ARE HAPPENING – IT WILL GET WORSE

The world was caught by surprise in May 2017 by the WannaCry ransomware attack. In June of the same year, a more damaging attack – NotPetya – infected many major global corporations, leading to IT infrastructure damage and business disruption. The two events caused over $10 billion in economic loss and serve as a dramatic reminder of the potential for cyber-attacks of a systemic nature to cause damage at scale.
