Fixing American Cybersecurity

Creating a Strategic Public-Private Partnership

Fixing American Cybersecurity advocates for a cybersecurity “social contract” between government and business in seven key economic sectors.

Cybersecurity vulnerabilities in the United States are extensive, affecting everything from national security and democratic elections to critical infrastructure and economy. In the past decade, the number of cyberattacks against American targets has increased exponentially, and their impact has been more costly than ever before. A successful cyber-defense can only be mounted with the cooperation of both the government and the private sector, and only when individual corporate leaders integrate cybersecurity strategy throughout their organizations.

A collaborative effort of the Board of Directors of the Internet Security Alliance, Fixing American Cybersecurity is divided into two parts. Part One analyzes why the US approach to cybersecurity has been inadequate and ineffective for decades and shows how it must be transformed to counter the heightened systemic risks that the nation faces today. Part Two explains in detail the cybersecurity strategies that should be pursued by each major sector of the American economy: health, defense, financial services, utilities and energy, retail, telecommunications, and information technology.

“In this thoughtful work, an interdisciplinary team led by Larry Clinton provides their expertise across a broad range of critical infrastructure sectors to propose a new course for public and private sector partnership to better secure our critical infrastructure from cyber incidents.”

Brig. Gen. (Ret.) Gregory Touhill

director of the CERT Software Engineering Institute at Carnegie Mellon University, former chief information security officer for the US government, and former deputy assistant secretary for cybersecurity and communications at the Department of Homeland Security, 2014-16

“Over the last decade, corporate boards have increasingly understood [cybersecurity] as a strategic issue blending technology & economics into the organizational mission. Fixing American Cybersecurity translates many of the lessons learned for use in government.”

Erin Essenmacher

former president and chief strategy officer, the National Association of Corporate Directors

“If your goal is to gain real insights from well-known experts such as Larry Clinton into some of America’s most serious looming cybersecurity challenges, then this new book is a must read.”

Edward Amoroso

founder and CEO, TAG Cyber and research professor, New York University's Tandon School of Engineering

“Larry Clinton’s timely and important book should be required reading for anyone seeking to learn how the United States can modernize its governance structure to favor innovative, risk-based approaches to protecting our data, networks, and devices.”

Matthew J. Eggers

vice president for cybersecurity policy in the Cyber, Intelligence, and Security Division at the US Chamber of Commerce

“Winston Churchill famously observed, ‘You can always count on the Americans to do the right thing, after they have exhausted all the other possibilities.’ Unfortunately, in cybersecurity we have followed this mantra, exhausting ourselves in a disjointed pursuit of what amounts to ‘other possibilities.’ This book maps a path for progress to a strategy that unifies industry and government efforts, accentuates and expands our collective capabilities, and leverages weaknesses of our adversaries―which they certainly do have―to enable us ‘to do the right thing’ and to do it well.”

Thomas Farmer

assistant vice president of security, Association of American Railroads, former chair, US Critical Infrastructure Cross Sector Council, and chair of the Surface Transportation Security Advisory Committee

“This book explains precisely why our nation must make significant changes in how we think about cybersecurity from an economic, geopolitical, policy, and systemic risk perspective. Failing to address the foundational issues presented will result in continued loss of ground to our adversaries who leverage state control and resources to their maximum advantage. The book is a timely and critical national call to action.”

Robert Mayer

senior vice president of cybersecurity and innovation, USTelecom Association, and chair of the Telecommunications Sector Coordinating Council

“Cybersecurity is a national security imperative. Fixing American Cybersecurity summarizes the potential challenges and threats to our economy if we do not take cybersecurity policy seriously. It provides a good framework based on lessons learned to help address some of the country’s immediate priorities.”

Alberto Yépez

cofounder and managing director, ForgePoint Capital

“While the book paints a sobering picture of our current cybersecurity landscape, it offers valuable recommendations for improving our defenses and mitigating future risks. This book is essential for security professionals, policymakers, and concerned citizens alike.”

Brilliance Security Magazine

“The content of this volume is up-to-date throughout, and will provide an excellent overview for readers at all levels.”

CHOICE connect

“A must read for policy makers, operators, thought leaders and business leaders. Incremental change within the cybersecurity ecosystem has been mostly ineffective.”

Rear Adm. (Ret.) Mike Brown

president of Spinnaker Security LLC, and former deputy assistant secretary of cybersecurity and communications, US Department of Homeland Security, 2008-10

“Anyone interested in creating effective cybersecurity policy should pay attention to this book. Fixing American Cybersecurity provides a wide range of policy proposals for improving our cybersecurity [and] convincingly argues for alternatives that go beyond the purely technical.”

Michael Daniel

President and CEO of Cyber Threat Alliance, president and former cybersecurity coordinator, Executive Office of the President, 2012-17

“Economic incentives are one of the most powerful forces. Fixing American Cybersecurity brings this often-overlooked economic perspective to the fore to enable better management of cyber threats, risks, and programs. Building starfish-style networks to enhance deterrence and resilience is also covered in the collaboration sections.”

Rod Beckstrom

first director of the US National Cybersecurity Center, former president and CEO, ICANN, and coauthor of The Starfish and the Spider

“Rethinking cybersecurity requires reframing the cybersecurity challenge as a strategic imperative for both government and business. Larry Clinton and the Internet Security Alliance are the right people to lead that change, balancing opportunity and risk in digital transformation.”

Bob Kolasky

senior vice president for critical infrastructure, Exiger, and former director, US Cybersecurity and Infrastructure Agency's National Risk Management Center

“One of the uniquely important aspects of Fixing American Cybersecurity is its attention not only to the larger players, but also to the crucial role that smaller entities have in protecting our nation’s supply chain and the unique challenges―cultural, technical, and economic―that US policy needs to address. The authors argue for much-needed sustained support for smaller entities and offer bold ideas and thought-provoking recommendations to incentivize smaller companies to initiate, mature, and optimize their internal cybersecurity.”

Ola Sage

president, CyberRx, and former chair of the Information Technology Sector Coordinating Council

“The Internet Security Alliance under Larry Clinton’s leadership has pioneered long-term policy making in cybersecurity. Fixing American Cybersecurity comes equipped with practical advice from seasoned professionals defending our nation in cyberspace. It promises to be an invaluable resource for advancing our nation’s cyber capabilities and expanding our cyber workforce.”

Valmiki Mukherjee

founder and chairman, Cyber Future Foundation, and founder and CEO, Cybrize

“[Fixing American Cybersecurity] would be an ideal text for a course in cybersecurity and a great read for anyone seeking a deeper understanding of today’s cyber vulnerabilities.”

The Cipher Brief

“Essential reading to prepare for the future of American cybersecurity, especially in light of contemporary and all to often successful efforts by criminals and hostile nations to breach and manipulate American internet and computer databases, “Fixing American Cybersecurity” must have the widest possible readership and considered an essential addition to personal, professional, community, governmental, corporate, and academic library Cybersecurity & Database protection collections and supplemental curriculum studies lists.”