Chapter 1 – The Economics of Cybersecurity: Advantage Attackers
Chapter 2 – Dangerous and Effective: China’s Digital Strategy
Chapter 3 – The Solar Winds of Change: The Threat of Systemic Cyber Risk
Chapter 4 – Outdated and Ineffective: Why Our Current Cybersecurity Programs Fail to Keep Us Safe
Chapter 5 – Reinventing Cybersecurity: A Strategic Partnership Approach
Chapter 6 – The Cybersecurity Policy We Need: Incentivize, Modernize, Economize
Chapter 7 – Health: Cybersecurity as a Core Element of Patient Care
Chapter 8 – Defense: Leveraging the Dual Economies of the Defense Industrial Base
Chapter 9 – Financial Services: Regulation Isn’t Enough
Chapter 10 – Energy: Protecting the Smart Grid
Chapter 11 – Retail: Serving Consumers and Keeping Them Secure
Chapter 12 – Telecommunications: Managing International Risk in a Post-COVID-19 World
Chapter 13 – Information Technology: Defining How to Govern IT
Chapter five explains how government and industry can, working together, create a more robust, modern, and comprehensive defensive structure. For years, numerous cybersecurity policy commissions and task forces have proposed reforms (many quite similar), most of which have not been implemented, in part because once the policies are recommended there is no structural mechanism to direct an overarching digital strategy. The USG needs to go through a process of digital transformation and adapt structural reforms modeled on those developed and evaluated by the private sector. In addition to policy reforms, which are discussed in the next chapter, structural reform is required, such as the creation of a new White House Office of Digital Strategy and Security (ODSS), which would have a far broader mandate than the current Office of the Cybersecurity Director. The ODSS would be charged with developing a full digital strategy for the USA, including but not artificially limited to cybersecurity. The US also needs to leverage empirically proven management techniques together with the unique and powerful advantages of Western democratic norms and market economies. This would include adapting the principles for strategic cybersecurity developed by the National Association of Corporate Directors. These principles have been independently assessed by PWC and shown to generate improved cyber risk management, better alignment between cybersecurity and overall mission objectives, and a culture of security. The ODSS would also utilize enhanced partnership models for cybersecurity, such as those studied cooperatively by DHS and the IT Sector Coordinating Council, which were shown to increase both engagement and effectiveness. Additional structural reforms in the financial services industry have been shown by McKinsey to improve cybercrime programs while also reducing costs.
Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity
2500 Wilson Blvd, #245
Arlington, Virginia 22201
ISA provides cybersecurity expert testimony and thought leadership in government and serves as an expert witness to the press.
Larry Clinton is President of the Internet Security Alliance. He advises industry and government on cyber policy. He has briefed NATO, the OAS, the G-20 and the US Congress. He has twice been named to the Corporate 100 list of the most influential individuals in corporate governance. He has written cybersecurity best practices books used in the US, Europe, Latin America and Asia.
Alexander T. Green is a staff editor for the Georgetown Journal of Law and Public Policy and is Vice President of the Corporate and Financial Law Organization. He holds a Juris Doctor from Georgetown Law.