Chapter five explains how government and industry can, working together, create a more robust, modern, and comprehensive defensive structure. For years, numerous cybersecurity policy commissions and task forces have proposed reforms (many quite similar), most of which have not been implemented, in part because, once the policies are recommended, there is no structural mechanism to direct an overarching digital strategy. The USG needs to go through a process of digital transformation and adapt structural reforms modeled on those developed and evaluated by the private sector. In addition to policy reforms, which are discussed in the next chapter, structural reform is required, such as the creation of a new White House Office of Digital Strategy and Security (ODSS), which would have a far broader mandate than the current Office of the Cybersecurity Director. The ODSS would be charged with developing a full digital strategy for the USA, including but not artificially limited to cybersecurity. The US also needs to leverage empirically proven management techniques together with the unique and powerful advantages of Western democratic norms and market economies. This would include adapting the Principles for strategic cybersecurity developed by the National Association of Corporate Directors. These principles have been independently assessed by PwC and shown to generate improved cyber risk management, better alignment between cybersecurity and overall mission objectives, and a culture of security. The ODSS would also utilize enhanced partnership models for cybersecurity, such as those studied cooperatively by DHS and the IT Sector Coordinating Council, which were shown to increase both engagement and effectiveness. Additional structural reforms in the financial services industry have been shown by McKinsey to improve cybercrime programs while also reducing costs.
Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity
Larry Clinton is President of the Internet Security Alliance. He advises industry and government on cyber policy. He has briefed NATO, the OAS, the G-20 and the US Congress. He has twice been named to the Corporate 100 list of the most influential individuals in corporate governance. He has written cybersecurity best practices books used in the US, Europe, Latin America and Asia.
Alexander T. Green is a staff editor for the Georgetown Journal of Law and Public Policy and is Vice President of the Corporate and Financial Law Organization. He holds a Juris Doctor from Georgetown Law.