Larry Clinton is President and CEO of the Internet Security Alliance (ISA). ISA represents major corporations from the Aviation, Banking, Communications, Defense, Education, Financial Services Insurance, Manufacturing, Technology and Security industries. ISA’s mission is to integrate advanced technology with economics and public policy to create a sustainable system of cyber security. Mr. Clinton is one of the clearest voices on cyber security and has been featured in mass media such as USA Today, PBS News Hour, The Morning Show (CBS), Fox News, CNN, CSPAN, and CNBC. He has also authored numerous professional journal articles on cyber security as well as being a past guest editor for the Cutter IT Journal. Mr. Clinton is regularly called upon to testify before both the U.S. House and Senate. In 2008, ISA published its Cyber Security Social Contract which is both the first and last source cited in the Executive Summary of President Obama’s Cyber Space Policy Review, which also cited more than a dozen ISA white papers—far more than any other source.
Corporate security, Cybersecurity, Security policy, Security management, Science and technology & security, Networks and network analysis, National security
Cyber security is a complex issue that requires a smart, balanced approach to public-private partnership. However, there is not a simple gold standard or mandatory minimum standard of cyber security, which can cause friction in the relationship between government and private industry. There are fundamental differences in these two unevenly yoked partners: government’s fundamental role under the U.S. Constitution is to provide for the common defense; industry’s role, backed by nearly a hundred years of case law, is to maximize shareholder value. Further differences are that government partners and industry players often assess risk differently, based on their differing missions and objectives. To be successful, both government and industry need to remain committed to the relationship and continue working on it by understanding the complexity of the situation, adapting where appropriate to their partner’s perspective. For the public-private partnership to endure and grow, an appreciation of these differing perspectives—born from different legally mandated responsibilities—must be reached. Ultimately, the government should compensate private entities for making investments that align with the government’s perspective, such as the social contract, rather than mandating that the shareholders subsidize the government function of providing for the common defense.
Clinton, Larry. “A Relationship on the Rocks: Industry-Government Partnership for Cyber Defense.” Journal of Strategic Security 4, no. 2 (2011): 97-112.