By Jessica Herrera-Flanigan // October 22, 2014
A few weeks ago, I wrote about the need to move the cybersecurity dialogue to its next stage and to start to seriously consider what disruptors are sitting out there that could help us do so.
I identified four areas ripe for discussion.
- Policy disruptors
- Data breaches vs. cybersecurity
- Cyber weaponization
- Post-Snowden security
Let’s start this disrupting conversation by looking at policy disruptors.
To do that, we have to go back to the Clinton administration.
Back in 1997 and 1998, we saw the issuance of the President’s Commission on Critical Infrastructure Protection. This was a report on the scope and nature of the vulnerabilities and threats to the nation’s key industries, like power and water systems. Then, in 1998 came the release of Presidential Decision Directive 63.
Those cutting-edge Clinton-era efforts talked about the “shared responsibility and partnership between owners, operators and government.” They discussed incentives and only using regulation in the “face of a material failure of the market.”
Research and development investments as well as government procurement were also discussed. Information sharing, including the legal impediments and possible liability issues, insurance and standards were all evaluated and deemed necessary.
Fast forward 17 years, through countless...