CONGRESS MUST REAUTHORIZE CISA 2015
The Cybersecurity Information Sharing Act (CISA) of 2015 is arguably the most successful cybersecurity legislation ever enacted. It uses market incentives (liability protection) to incentivize critical information sharing between industry and the government. It is currently scheduled to expire in three months. Disabling our most fundamental cybersecurity mechanism would take place at a time of […]
THOUGHTS FROM THE WORLD ECONOMIC FORUM – REIMAGINING CYBER REGULATIONS
Last week, I was honored to be asked to lead the session on reimagining cyber regulations at the World Economic Forum event in Paris. The Forum relies on the Chatham House Rule, so I will await their report on the meeting; however, below is the text from which I drew the opening statement for the […]
UPCOMING ISA EVENT – CISA 2015 REAUTHORIZATION BRIEFING
6/25 ISA EVENT: IT SECTOR COORDINATING COUNCIL TO BRIEF CONGRESS ON CISA 2015 REAUTHORIZATION JOIN US! On June 25 in Cannon 401, the IT Sector Coordinating Council will hold a briefing on the need to reauthorize the 2015 Cybersecurity Information Sharing Act (CISA – the law not the agency). The briefing will begin at noon and end […]
WHY HARMONIZING CYBER REGULATION WON’T WORK – AND WHAT WILL
WHY CYBER REGULATORY HARMONIZATION WON’T WORK The core reason cybersecurity regulatory harmonization won’t work is that it doesn’t promise to improve the effectiveness of our regulations. Harmonization should not be understood as the goal of our efforts to improve our cybersecurity regulatory system. Our goal must be effectiveness, i.e., to actually improve our cybersecurity. Unless […]
TWENTY-FIVE WAYS TO ENHANCE CYBERSECURITY WITHOUT NEW REGULATIONS
Absent a few notable exceptions, traditional regulation has not worked to improve our cybersecurity. There are multiple reasons why it generally doesn’t improve security and is often actually counterproductive, which we (ISA) describe in our recent book Fixing American Cybersecurity: Creating a Strategic Public Private Partnership (Georgetown University Press 2023), so we won’t detail them […]
STREAMLINING CYBERSECURITY REGULATION: AN ELEGANT SOLUTION
In science and public policy, a principal goal is to develop an elegant solution. Elegance is generally defined as the simplest statement that most completely solves the problem. The quintessential example of scientific elegance is Einstein’s explanation of the theory of relativity, E=mc². Beautiful. The Biden Administration has just released its proposal to address the […]
Top Ten Reasons Why Cybersecurity Is Like Coronavirus
By Larry Clinton
I’m not saying cybersecurity and the coronavirus are exactly the same. The defining characteristic of the cyber threat is that we have conscious and deliberate actors carefully crafting attacks. The coronavirus has no conscience, no plan. At the same time, notwithstanding differences, these domains are both attacks on our cultures, and when […]