During the 116th Congress (2018-2020), the Internet Security Alliance is actively seeking to educate Members of Congress and staff about the economics-based model for strengthening cybersecurity outlined in the Cybersecurity Social Contract. These policy recommendations include harmonizing cybersecurity regulations to refocus resources dedicated to compliance on security, testing the cost-effectiveness of the NIST Cybersecurity Framework, establishing incentives to improve private sector cybersecurity, and strengthening cybersecurity law enforcement. In 2019, ISA met with numerous committees overseeing cybersecurity to introduce and advance the public policy initiatives of the ISA, including those articulated in the Internet Security Alliance’s Cybersecurity Social Contract.
For example, in April 2019, the ISA Board of Directors met with Congressman Mike Rogers, the ranking member of the House Homeland Security Committee, during their bi-annual Board of Directors meeting held in Washington, D.C.
ISA Congressional Advocacy At Work
The Internet Security Alliance has been called on to testify before Congress 15 separate times and has provided 20 witnesses for those hearings, such as board members.
Congressional outreach is a core function of ISA policy advocacy. We’re regularly on Capitol Hill with our staff and our board members, whether on a mission of education or because of a new policy development.
In March 2017, ISA board members met with a string of representatives, including Sen. Mike Rounds (R-S.D.), chairman of the Senate Armed Services cybersecurity subcommittee and Sen. Cory Gardner (R-Colo,) co-founder of the Senate Cybersecurity Caucus.
Being on Capitol Hill isn’t an infrequent experience for the ISA board. And the outreach pays dividends.
In the 112th Congress, a high-level House task force endorsed the approach laid out by ISA favoring market-based principles as the pathway toward improved cybersecurity.
When the House Republican Cybersecurity Task Force (pdf) convened, ISA was the first witness called to provide recommendations. The final report, published in October 2011, mirrored ISA recommendations and lifted language virtually identical to ISA Cybersecurity Social Contract publications.
In 2012, the ISA mobilized against cybersecurity bills that would have burdened industry with a regulatory approach to cybersecurity in the vein of Sarbanes-Oxley. ISA believed regulation was not the answer and maintained that a significant effort was needed to combat the growing cyber threat. We brought together a industry coalition based on an alternative model of industry standards and practices reinforced by market incentives. We later saw our effort picked up by the Obama administration, in the form of Executive Order 13636.
Click on the links below for ISA written statements before congressional committees.
- Larry Clinton’s Statement to U.S. Senate Committee on Commerce, Science, and Transportation
- Larry Clinton Testimony – House – “Cyber Security: What the Federal Government Can Learn from the Private Sector”
- ISA Testimony Leads To Bipartisan Cyber Incentives Effort
- Larry Clinton Testimony – House Energy & Commerce Testimony (Oral and Written with FNs)
- CYBERSECURITY: Threats To Communications Networks And Private-Sector Responses
- Larry Clinton – House Homeland Security Subcommittee
- Larry Clinton – Senate Judicary Committee
- Larry Clinton – House Energy and Commerce Subcommittee
- CYBERSECURITY: Network Threats And Policy Challenges
- Enhancing And Implementing The Cybersecurity Elements Of The Sector Specific Plans
- The Communication Sector Coordinating Council And Cyber Security
- CYBER GROUPS: A Review Of Public And Private Efforts To Secure Our Nation’s Internet Infrastructure
- CYBERSECURITY: Protecting America’s Critical Infrastructure, Economy, And Consumers
- H.R. 285: Department of Homeland Security Cybersecurity Enhancement Act of 2005
- Protecting Our Nation’s Cyber Space: Educational Awareness For The Cyber Citizen
- The DHS Infrastructure Protection Division; Public-Private Partnerships To Secure Critical Infrastructures
- COMPUTER VIRUSES: The Disease, The detection, And The Prescription For Protection
- COMPUTER VIRUSES: The Disease, The Detection, And The Prescription For Protection
- C-Span Cyber Security Policy Briefing
- CYBER SECURITY: Private-Sector Efforts Addressing Cyber Threats
- HOLES IN THE NET: Security Risks And The e-Consumer
- Fighting Cybercrime: Efforts by Private Business Interests