During the 116th Congress (2018-2020), the Internet Security Alliance is actively seeking to educate Members of Congress and staff about the economics-based model for strengthening cybersecurity outlined in the Cybersecurity Social Contract.  These policy recommendations include harmonizing cybersecurity regulations to refocus resources dedicated to compliance on security, testing the cost-effectiveness of the NIST Cybersecurity Framework, establishing incentives to improve private sector cybersecurity, and strengthening cybersecurity law enforcement. In 2019, ISA met with numerous committees overseeing cybersecurity to introduce and advance the public policy initiatives of the ISA, including those articulated in the Internet Security Alliance’s Cybersecurity Social Contract.

For example, in April 2019, the ISA Board of Directors met with Congressman Mike Rogers, the ranking member of the House Homeland Security Committee, during their bi-annual Board of Directors meeting held in Washington, D.C.

Rep. Mike Rogers meets with the ISA Board of Directors during April 2019 meeting.;
t “Rep. Mike Rogers meets with the ISA Board of Directors during April 2019 meeting. “

ISA Congressional Advocacy At Work

The Internet Security Alliance has been called on to testify before Congress 15 separate times and has provided 20 witnesses for those hearings, such as board members.

Congressional outreach is a core function of ISA policy advocacy. We’re regularly on Capitol Hill with our staff and our board members, whether on a mission of education or because of a new policy development.

The ISA board briefs Sen. Mike Rounds, who told the board that "In this room here, you probably got more talent, and more background and more understanding about how serious this is, than any group I’ve seen yet get together. "
The ISA board briefs Sen. Mike Rounds, who told the board that “In this room here, you probably got more talent, and more background and more understanding about how serious this is, than any group I’ve seen yet get together. “

In March 2017, ISA board members met with a string of representatives, including Sen. Mike Rounds (R-S.D.), chairman of the Senate Armed Services cybersecurity subcommittee and Sen. Cory Gardner (R-Colo,) co-founder of the Senate Cybersecurity Caucus.

Being on Capitol Hill isn’t an infrequent experience for the ISA board. And the outreach pays dividends.

In the 112th Congress, a high-level House task force endorsed the approach laid out by ISA favoring market-based principles as the pathway toward improved cybersecurity.

When the House Republican Cybersecurity Task Force (pdf) convened, ISA was the first witness called to provide recommendations. The final report, published in October 2011, mirrored ISA recommendations and lifted language virtually identical to ISA Cybersecurity Social Contract publications.

The ISA board meets with Rep. Mac Thornberry, chair of the House Republican Cybersecurity Task Force, in 2012.
The ISA board meets with Rep. Mac Thornberry, chair of the House Republican Cybersecurity Task Force, in 2012.

In 2012, the ISA mobilized against cybersecurity bills that would have burdened industry with a regulatory approach to cybersecurity in the vein of Sarbanes-Oxley. ISA believed regulation was not the answer and maintained that a significant effort was needed to combat the growing cyber threat. We brought together a industry coalition based on an alternative model of industry standards and practices reinforced by market incentives. We later saw our effort picked up by the Obama administration, in the form of Executive Order 13636.

Click on the links below for ISA written statements before congressional committees.