FOR IMMEDIATE RELEASE
President and CEO, Internet Security Alliance
Speaking on a panel at the 2019 Munich Cyber Security Conference today, Internet Security Alliance President Larry Clinton called for a dramatic new path for government and industry on cybersecurity.
“Possibly the only issues virtually everyone at this conference will agree on is that the cybersecurity problem is getting worse, and no one can see the point when it starts to get better. We unequivocally need a new paradigm to address cybersecurity,” Clinton said in his speech.
Clinton claimed governments have been too focused on technical vulnerabilities and operational issues and have not devoted nearly enough attention to incentives and economics otherwise of attacks.
“The excessive focus on cyber as an ‘IT issue’ leads us to ask the wrong questions, and when you ask the wrong questions, you get the wrong answers,” Clinton said.
By analogy, Clinton asserted the World Trade Center did not fall because it was too vulnerable in Manhattan harbor, but rather because Al Qaeda saw the political profit in attacking it. Similarly, with cybersecurity, Clinton claimed, “The essence of the cybersecurity issue is not that the technology is bad. The essence of the issue is that the technology is under attack because all the incentives favor the attackers.”
Clinton called for a new model for industry-government relations that would replace the traditional paternalistic model with one more akin to a good marriage, where equal partners work together and develop novel ways to resolve problems together for mutual and equivalent benefit to the family.
Clinton concluded with a particularly European illustration noting that for hundreds of years, Western Europe lived through almost constant war, but then after World War II, there has been 75 years of almost uninterrupted peace and prosperity.
“How did you do that?” Clinton asked. “Did you eliminate all the vulnerabilities at your borders, or did you realize that you were all in this together, develop new models and work together to resolve sometimes ancient animosities? I think we can do something similar in cybersecurity.”
About ISA: The Internet Security Alliance (ISA) is a trade association with members from virtually every critical industry sector. ISA’s mission is to integrate advanced technology with economics and public policy to create a sustainable system of cybersecurity. ISA pursues three goals: thought leadership, policy advocacy and promoting sound security practices. ISA’s “Cybersecurity Social Contract” has been embraced as the model for government policy by both Republicans and Democrats. ISA also developed the Cyber Risk Handbook for the National Association of Corporate Directors. For more information about ISA, please visit www.isalliance.org or 703-907-7090.