December 2, 2016

(WASHINGTON, D.C.) – The Internet Security Alliance (ISA) welcomes the report of President Obama’s Cyber Commission by noting that virtually every element of the 12-step program ISA outlines in its recently published book, “The Cybersecurity Social Contract”, was embraced within the Commission’s report.

ISA made a presentation to the Commission at its open meeting on September 19, and hand delivered copies of their book to each Commission member.

“We are delighted to see the Commission’s finding that ‘incentives should always be preferred over regulation’ in cyber policy,” said ISA President Larry Clinton. “Not only did our own study come to a remarkably similar conclusion, but this finding is consistent with the House GOP Task Force Report on cybersecurity and the President’s own Executive Order 13636. The degree of consensus on the direction for sound cyber policy across industry and partisan lines is remarkable and bodes well for the prospect to more aggressively fight the ever-greater cyber threat,” Clinton said.

ISA also welcomed many of the specific recommendations and action items in the Commission Report. “We have been calling for greater urgency and investment in cybersecurity and we are pleased to see these tonal items are also reflected in the Commission’s Report. The specific calls for greater coordination and funding of law enforcement efforts in cybersecurity, taken together with calls for greater international coordination, workforce development, procurement reform and a renewed focus on the needs of smaller companies and mandatory cyber training of federal executives are all resonant with our views and that of much of the community,” said Clinton.

ISA saved its highest praise for the Commission’s call to streamline existing cyber regulations, which it feels will not only increase efficiency, but also enhance security. “Cyber regulation is an area where, at this stage, less is more. As government entities have lately discovered the cyber threat, we have seen cyber regulations growing like weeds – everyone wants to be the cyber guy now. Unfortunately, these overlapping, redundant and, at times, inconsistent regulations are diverting scarce cyber resources to unhelpful, check the box, compliance regimes. The Commission’s call to harmonize these regulations and reduce costs while calling on the private sector to develop better assessment methods are all steps we enthusiastically embrace,” said Clinton.

“Moreover a good deal of this regulatory underbrush can probably be accomplished at the Executive level and through processes like regulatory forbearance. This might be an area the Trump Administration can get started on early while Congress reorganizes and begins needed legislative action to replace the outdated regulatory regime with a consensus based incentive model,” said Clinton.

 About ISA: The Internet Security Alliance (ISA) is a trade association with members from virtually every critical industry sector. ISA’s mission is to integrate advanced technology with economics and public policy to create a sustainable system of cybersecurity. ISA pursues three goals: thought leadership, policy advocacy and promoting sound security practices. ISA’s “Cybersecurity Social Contract” has been embraced as the model for government policy by both Republicans and Democrats. ISA also developed the Cyber Risk Handbook for the National Association of Corporate Directors. For more information about ISA, please visit or 703-907-7090.