In testimony today before the House Information Policy Committee of the Government Reform Committee, ISA President Larry Clinton said “government reform is clearly what’s needed” to combat a growing cyber threat.
Clinton said government needs to change the way it conceptualizes its relationship with the private sector in order to develop a sustainable system of cyber defense that would “accommodate the global breadth of the Internet and still result in a constantly improving system of mutual security.”
According to Clinton, the “Internet is unlike anything we have dealt with before and consequently will require a security system unlike anything we have designed before.”
Clinton also said the nature of cyber attacks has changed from broad-scale incursions such as “Blaster” and “Love Bug” to targeted attacks on specific systems carried out via “designer malware” that could reside undetected on systems for extended periods, causing significant damage. Clinton said the private sector has developed, and is developing, new products and services to address these attacks, and there is evidence that such systems work, but “we need to find a way to get broader adoption of these best practices and services.”
Clinton cited a recent GAO Report and the National Infrastructure Protection Plan, which he claimed showed the way toward a more effective public-private partnership by creating a value proposition for industry to go beyond its individual business interests, but also said that despite progress much more needed to be done.
Clinton concluded his testimony by offering a “top ten” list of steps he thought the government should consider. Among Clinton’s suggestions were for government to lead by example, use its market power instead of its regulatory power to improve security, invest in R&D efforts that the private sector will not address, create market incentives for good actors by using insurance, procurement, taxes and award programs, and focus outreach efforts on senior corporate management.