Unprecedented government intervention into the credit, financial and insurance markets has taken the market-based, small government proponents down a notch or two when trying to argue that private industries can be left to themselves to self-regulate and avoid catastrophe.
So given the prevailing climate, it was not altogether shocking to come across yesterday’s report issued by The Internet Security Alliance (ISAlliance) offering that the Bush Administration’s market-based, voluntary approach for encouraging companies to improve cybersecurity was insufficient.
As reported by Washington Technology, The ISAlliance, a non-profit collaboration between the Electronic Industries Alliance, a federation of trade associations, and Carnegie Mellon University’s CyLab, suggested in the report that the next Administration should – in conjunction with industry players – develop a cybersecurity social contract based on economic incentives.
As opposed to the voluntary approach, ISAlliance suggests a social contract whereby government would incentivize and reward companies through incorporating cybersecurity into procurement and loan processes, along with other steps. The report from ISAlliance – whose Board includes reps from Verizon, Raytheon, and Northrop Grumman – also seeks to shift the perception of cybersecurity from purely IT to one of enterprise risk management.