By Anthony M. Freed, Editor, Information-Security-Resources

Dec 3 - The Internet Security Alliance held a luncheon at the National Press Club today to unveil their much anticipated recommendations to Congress and the Obama Administration regarding the future course of national cybersecurity policy.

The landmark report, entitled Implementing the Obama Cyber Security Strategy via the ISA Social Contract Model, is the culmination of nearly one decade of ISAlliance advocacy for market incentive based security reforms, and echos their previous cautions against pursuing costly regulatory constraints.

As stated in an ISA press release earlier this week, the analysis provided describes:

"frameworks for creating a new, practical model for information sharing; addressing the international nature of cybersecurity issues; developing a market for adopting good security standards and practices; building a highly educated digital workforce; and managing the global IT supply chain, among other things."

As the title of the document implies, the report is meant both as a response to the Obama Administration's Cyberspace Policy Review and also as a followup to the ISA's 2008 Cybersecurity Social Contract, which outlined several crucial areas of alignment as the logical jumping-off point for private industry and government initiatives.

From today's report:

"A major focus of agreement between these two texts is the appreciation of the economics of cyber security and the need to properly deploy incentives to generate enhanced security within the private sector to serve the broader national interest."

Central to the ISA's thesis is the under-appreciated notion that cybersecurity is an isolated technical issue that lies somewhere outside the scope of the broader economic picture.

The sobering evidence offered in the report thoroughly contradicts this pretense, noting that worldwide losses due to information security events is in the neighborhood of one trillion dollars annually.

Simultaneously, nearly half of the companies surveyed in another study reported plans to reduce security related expenditures in 2010, the report noted.

"Rewriting the economic equations currently governing cyber security issues is essential to creating the sustainable and evolving system of security that we will need to protect our nation against the emerging threats we are facing in the 21st century."

How best to accomplish this herculean task is at the crux of the ISA's recommendations.

The report likens the advent and importance of the Internet to that of the telephone and the national electrical grid in the early 1900's.

The efficacy of government policies at the time provided the necessary impetus for the private sector to invest resources to develop the national infrastructure beyond the scope of their own narrow corporate interests.

The ISA argues this approach by government and private industry was the catalyst for the rapid development and availability of these technologies that are so central to the nation's economic engine, and should be mirrored by cyber policy today.

Also provided in the ISA report are stark warnings against the temptation to overly regulate an entity that knows no national borders, has no central administrative control, and obeys no government.