Industry group calls for cybersecurity partnership

Related Links

ISAlliance report

The market-based, voluntary approach that the Bush administration has used to encourage companies to improve cybersecurity is not sufficient and the incoming Obama administration should form a cybersecurity social contract with industry based on economic incentives, according to a new report by a trade association.

The Internet Security Alliance (ISAlliance) released a report today suggesting a cybersecurity social contract through which government would encourage and reward corporations by potentially working cybersecurity into procurement and loan processes, along with possible awards programs that could be used as marketing advantages.

The group said the voluntary approach laid out by the Bush administration has not been sufficient because it is missing incentives to encourage companies to invest beyond their corporate interests and for the greater public good of cybersecurity. The organization said government mandates were not the right approach, in part because of the global nature of the Internet and the negative effects they could have on U.S. industry.

The report urged the incoming Obama administration to move beyond the “informal, Washington, D.C.-centered partnerships of the past.”

“Industry and government must construct a mutually beneficial social contract which addresses, creatively and pragmatically, the security of our cyber infrastructure,” ISAlliance said.

The group's board includes representatives from Verizon, the National Association of Manufacturers, Nortel, the CyLab at Carnegie Mellon University, Raytheon, and Northrop Grumman.

The ISAlliance report said that a conceptual framework of the “social contract” would identify and address the government’s role, industry’s role and the incentives that government will provide industry and what behaviors will be motivated.

The report said cybersecurity needed to be understood as an enterprise risk management issue rather than an IT issue. The board said the “social contract” was similar to the approach government took with utilities in the early 1900s to encourage the companies to make the investments to make services universal.

Bush administration officials have said involvement with the private sector is a key focus of the multiyear, multibillion-dollar Comprehensive National Cybersecurity Initiative the president kicked off by signing a classified directive in January.

Larry Clinton, president of the ISAlliance, said that although corporations have been working with the Homeland Security Department, there is still work to be done. He said the engagement between government and industry on the issue needed to extend beyond council groups to develop products.

“There is a public interest in the entire system being upgraded and government needs to deal with industry at the business plan level,” he said.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.