Close this Advertisement

What is your e-mail address?
My e-mail address is:

Do you have a password?
Forgot your password? Click here
close

Industry group calls for cybersecurity partnership

Related Links

ISAlliance report

The market-based, voluntary approach that the Bush administration has used to encourage companies to improve cybersecurity is not sufficient and the incoming Obama administration should form a cybersecurity social contract with industry based on economic incentives, according to a new report by a trade association.

The Internet Security Alliance (ISAlliance) released a report today suggesting a cybersecurity social contract through which government would encourage and reward corporations by potentially working cybersecurity into procurement and loan processes, along with possible awards programs that could be used as marketing advantages.

The group said the voluntary approach laid out by the Bush administration has not been sufficient because it is missing incentives to encourage companies to invest beyond their corporate interests and for the greater public good of cybersecurity. The organization said government mandates were not the right approach, in part because of the global nature of the Internet and the negative effects they could have on U.S. industry.

The report urged the incoming Obama administration to move beyond the “informal, Washington, D.C.-centered partnerships of the past.”

“Industry and government must construct a mutually beneficial social contract which addresses, creatively and pragmatically, the security of our cyber infrastructure,” ISAlliance said.

The group's board includes representatives from Verizon, the National Association of Manufacturers, Nortel, the CyLab at Carnegie Mellon University, Raytheon, and Northrop Grumman.

The ISAlliance report said that a conceptual framework of the “social contract” would identify and address the government’s role, industry’s role and the incentives that government will provide industry and what behaviors will be motivated.

The report said cybersecurity needed to be understood as an enterprise risk management issue rather than an IT issue. The board said the “social contract” was similar to the approach government took with utilities in the early 1900s to encourage the companies to make the investments to make services universal.

Bush administration officials have said involvement with the private sector is a key focus of the multiyear, multibillion-dollar Comprehensive National Cybersecurity Initiative the president kicked off by signing a classified directive in January.

Larry Clinton, president of the ISAlliance, said that although corporations have been working with the Homeland Security Department, there is still work to be done. He said the engagement between government and industry on the issue needed to extend beyond council groups to develop products.

“There is a public interest in the entire system being upgraded and government needs to deal with industry at the business plan level,” he said.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Related Articles

Reader comments

Thu, Jan 15, 2009

The partnership proposed by the ISAlliance strikes me as dangerous because under it the Executive would become complicit with its industry partners, thus making it impossible for the Executive to hold its industry partners to account for the security lacuna if it were to continue. It also strikes me as self-serving because the members of the ISAlliance are the industry actors which have been billing the Executive to death for insecure services without having bothered to solve the problem.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Related Webcasts

Related Resources

Editorial Webcasts

  • Service Consolidation: How to Avoid Basic Pitfalls of Shared Services Register Now

    This is the first webcast of the Series “Future First: Three Steps to Data Center Transformation”. Plan to attend this webcast to support your agency efforts to design a practical roadmap for consolidation of resources and shared services to meet current and emerging program demands. Learn from those who are doing to help you evaluate services in your current operations that may lend themselves to future shared service arrangements. Read more

More Editorial Webcasts

Federal Computer Week eNewsletters

  • Subscribe to Newsletters Subscribe

    Federal Computer Week's eNewsletters deliver the latest policy and management news to your inbox.