In February 2013, President Obama issued Executive Order 13636: Improving Critical Infrastructure Cybersecurity, which formalized the Administration’s adoption of principals proposed by the Internet Security Alliance. The Executive Order departed from the regulatory model that the Administration previously embraced that would have granted the Department of Homeland Security extensive authority to mandate cyber security standards and practices over wide segments of the private sector. ISA believed regulation was not the answer and maintained that a significant effort was needed to combat the growing cyber threat. ISA brought together a industry coalition based on an alternative model of industry standards and practices reinforced by market incentives.
This historic and precedent-setting Executive Order laid the foundations for a collaborative program with industry to identify effective standards and promote their adoption through the use of market incentives.
ISA first laid out its model for a sustainable system of cyber security in the Cyber Social Contract, calling for an approach that integrates both the technological and economic aspects of cyber security. President Obama’s Executive Order on cyber security cemented a 180 degree change for the administration away from regulation and adopted all the major tenets of the ISA social contract
In follow up to the release of the Executive Order 13636, ISA was a major contributor helping to guide the creation of the resulting NIST Framework. ISA held multiple private meetings with the team drafting the Cybersecurity Framework and served as a resource for best practices and industry insight. As a key voice from industry, ISA was called on by major media outlets, including CNN and CNBC, to comment on the Executive Order and resulting Cybersecurity Framework.