June 28, 2017

(WASHINGTON, D.C.) – Internet Security Alliance President Larry Clinton will be the featured speaker at the meeting of the Council on Foreign Relations Roundtable on Digital Policy at noon, June 29th. Mr. Clinton will speak on “US Government Efforts to Improve Cyber Security.”

“The latest massive cyber-attacks only highlight the need for industry and government to dramatically ramp up our efforts to secure cyber space,” Mr. Clinton said. “The reality is that things are liable to get worse – much worse – before they get better.”

Per Clinton’s prepared remarks, our cybersecurity is going to get worse for 4 reasons. “First, the system, which was designed to be weak, is getting weaker with the explosion of mobile devices and the Internet of Things. Second, the attackers are getting better. Nation-states are now engaged in traditional criminal behavior including the recent ransomware attacks making previously advanced style attacks commonplace and investing heavily to innovate all new weaknesses in our defenses. Third, all the economics of cyber favor the attackers. Attacks are cheap and easy to acquire and yield tremendous profits. Meanwhile, we are generations behind the attackers as we defend an inherently vulnerable system, with little help from law enforcement. To make matters worse, the real crazies – the terrorists – are getting much better at cyber-attacks and could become a substantial threat soon,” said Clinton.

On the positive side, Clinton believes that we have created a broad consensus on the best way to approach cyber policy, corporate boards are getting much more involved, and some of the programs they are adapting are showing positive improvements.

“Aside from some perirenal issues, there is substantial agreement in the policy community from the House GOP to President Obama to President Trump about the right way to approach the cybersecurity issue. The problem is that there is an enormous amount of work that needs to be done and we are not moving nearly fast enough,” claims Clinton.

Clinton will advocate that government engage in a 12-step program to effectuate the needed changes. Briefly, ISA believes government needs to 1) Address the problem with greater urgency, 2) Spend (a lot) more money, 3) Focus more on law enforcement, 4) Reorganize government for the digital age, 5) Streamline cyber regulations, 6) Develop effectiveness measures for the NIST Cybersecurity Framework, 7) Train senior government executives in cyber risk management, 8) Adopt a true risk management approach at federal agencies, 9) More creative workforce development, 10) Define government’s role in nation-state attacks, 11) Realign cyber market incentives, and 12) Rethink the cyber compliance model.

These steps are fully developed in the ISA’s Cybersecurity Social Contract released last fall and available on Amazon.