Internet Security Alliance renews call for ‘incentives’ following Def Con meeting

August 15, 2018

Department of Homeland Security official at Def Con last week highlighted the increasing interconnectedness of critical industries and the challenge for government in protecting private enterprises from foreign cyber attacks — issues being cited by the Internet Security Alliance in renewing its longstanding call for “incentivizing” cybersecurity investments.

“Digitization has changed everything. It literally is altering our brain chemistry. It obviously is changing the way we think about core ideals like privacy, and it fundamentally is changing — or needs to change — our basic assumptions about national defense,” writes ISA in a blog post Tuesday.
The ISA cites comments by DHS Assistant Secretary Jeanette Manfra to emphasize that businesses are finding themselves on the front lines in fending off cyber attacks from foreign adversaries, and that while both government and the private sector have a common goal in protecting critical infrastructure, their reasons, or incentives, for investing in cybersecurity differ.

“As a result, there is a gap — a delta — between legitimate commercial-level security and necessary government-level security. The problem is in the digital world we are all using the same system,” writes ISA.

The group cites the development of privately owned electric and telecommunications utilities as an example of how government and industry bridged a similar gap in the past.
“The policymakers saw that these services — just like cybersecurity — needed to be provided to everyone. So, they made an economic deal — a ‘social contract’ — with the infrastructure owners. If the providers would provide universal service, the policymakers would guarantee the return on the corporate bonds,” according to ISA.

“And it worked,” the group states, in arguing for a similar arrangement to address emerging and evolving cyber threats.

“We now need a similar — not identical — cybersecurity social contract that will provide for the privately-owned public defense of our cyber infrastructure–a collective defense model,” according to ISA.

| Inside Cybersecurity - 2018-08-15