Time for New Thinking on Cybersecurity, ISA Says
U.S. cybersecurity policy isn't yet equipped to meet the “immense” challenge of protecting valuable data, though there has been progress, blogged Internet Security Alliance President Larry Clinton Tuesday. Clinton praised work to improve the National Institute of Standards and Technology’s cybersecurity framework, which is headed for another update this spring. He also said corporate boards now rank cybersecurity among their top challenges, whereas a few years ago it was less of a priority. But nation-state attacks (see 1801020027) that have evolved beyond espionage to “straight out cyber crime" make it seem “no one is safe" and may soon “pose serious risk to critical infrastructure,” he said. Policymakers have yet to develop an approach that focuses on the entire cybersecurity system instead of “incremental assets," he said, and is complicated by a system that looks for scapegoats after major cyber breaches rather than developing systemic solutions. “We are all on the same side. We need to act like it,” Clinton said. In historic security models, each entity was expected to secure itself. But the internet demands a different, integrated response that's developed through a “conscious partnership” like the one NIST used to create the framework, he said.