WASHINGTON, D.C. – Internet Security Alliance (ISA) President Larry Clinton has been named to lead a joint cybersecurity policy effort between DHS and the IT Sector Coordinating Council. The announcement was made at DHS during the annual joint meeting of the Government Coordinating Council with the IT Sector Coordinating Council on Sept. 29.
A joint statement that circulated prior to the meeting said, "While cybersecurity is now acknowledged as a critical priority by government and industry alike, the near-universal recognition of the problem often spurs divergent initiatives from policymakers across the USG and the states…(that are) often uncoordinated raising the specter of not only siloed but often regulatory proposals calling for the premature development and implementation of cybersecurity measures or metrics that favor compliance based cybersecurity models that are disconnected from any clear cybersecurity benefit. Further, cybersecurity threats from sophisticated and well-resourced adversaries including nation-states continue to grow to raise concerns that essential US public and private sector actors may not be adequately prepared to launch a coordinated response to a potential cybersecurity incident of national significance"
In response, the new initiative is charged with pursuing three joint policy goals that have been agreed to by DHS and the IT SCC. These goals are regulatory streamlining, promoting the NIST cybersecurity framework, and ICT mobilization, especially with respect to being prepared for a cyber incident of national significance.
ISA's Clinton welcomed the new initiative. "We have jointly realized that we are at an inflection point with respect to cybersecurity. We now need a more intensified and coordinated policy approach. For example, while we are all big fans of the NIST Framework now, three years past implementation, we have still not prioritized its elements nor determined how it can best used in a cost-effective manner. Moreover, we are now seeing a weed-like growth in cyber regulatory efforts that have not been shown to be effective but are diverting scarce security resources to redundant and conflicting regulatory regimes. If we are going to make progress in preparing ourselves for potentially ever larger cyber events, we need to get our arms around these efforts and develop a coordinated and empirically proven effective cybersecurity strategy. That is what we are hoping to do through this new initiative," Clinton said.