ISA Testimony Before House Cyber Security Task Force

Wednesday, July 20, 2011

Marjorie Morgan



Watch Larry Clinton's video interview with Anthony M. Freed conducted at the RSA Conference HERE

ISA Testimony Before House Task Force on Cyber Security

Speaker of the House Boehner has appointed a task force comprised of Members from the major Committees of the House to develop a framework for cyber security legislation to be considered during the current Congressional session (see list of Task Force Members at the below).

The Task Force is charged with meeting every week to consider input from industry experts as they consider four priority areas.  The ISA was the very first organization that was asked to testify before the Task Force.  

All Task Force Members with the exception of Congressman Goodlatte from the Judiciary Committee attended the briefing and all stayed for the entire session. Committee staff also attended.

The task Force is charged with considering four priority areas:

1. Incentives for Critical Infrastructure
2. Information sharing
3. Updating Cyber Crime law
4 The Public Private Partnership

ISA's Cyber Security Social Contract, the ISA testimony before the Homeland Security Committee last month, as well as the the information sharing paper authored by Jeff Brown were shared with the Task Force by Chairman Thornberry prior to the Task Force's meeting. 

The Task Force was also provided a copy of the industry White Paper jointly authored by ISA, BSA, CDT, Tech America and the US Chamber with the last two of these also being invited to the Task Force meeting.

ISA Board is currently drafting brief White Papers on the other areas of interest for the Task Force.

The House Leadership team instructed the Task Force to first consider the issue of providing incentives. Not surprisingly the Task Force expressed great interest in ISA's views on the subject with Congressman McCaul (R-TX) asking for ISA to repeat the analysis we provided to the House Homeland Security Committee regarding how some forms of regulation can actually provide counterproductive incentives for enhanced security.

Several Task Force Members were concerned with how Congress could fashion incentives in the current economic climate.  Issues such as the use of liability, the ability to offer streamlined regulation for currently regulated entities and the use of government procurement as a way to demonstrate leadership were also discussed. Both Task Force Chair Thornberry and Cyber Security Subcommittee Chair Lungren expressed particular interest in cyber insurance.

The Task Force is charged with providing the House Leadership with a framework by October 1. Meanwhile the Committees of jurisdiction are expected to begin crafting legislation so that they will be ready to move on the topic in fall and winter this year.

Chairman Thornberry concluded the meeting by asking us to provide any additional written material covering the Task Force priorities on an exposures basis.

Members of the Cyber Security Task Force

  • Rep. Mac Thornberry (R-TX)
  • Rep. Robert Aderholt (R-AL)
  • Rep. Jason Chaffetz (R-UT)
  • Rep. Mike Coffman (R-CO)
  • Rep. Bob Goodlatte (R-VA)
  • Rep. Robert Hurt (R-VA)
  • Rep. Bob Latta (R-OH)
  • Rep. Dan Lungren (R-CA)
  • Rep. Mike McCaul (R-TX)

Other Upcoming ISA Events:

July 19: Securing the eCampus 2011 Conference

Larry Clinton will present, "The Evolution of Cyber Threats and Government Policy" during this conference held at Dartmouth College.

July 20 - Government Innovation Seminar - Engaging the Evolving National Cyber Security Agenda

Larry Clinton will discussing the economics of cyber security and provide a framework for developing a sustainable system of cyber security by indentifying what problems need to be addressed.

July 20 at 2:00pm: Protected Health Information Project Ecosystem Subcommittee

The ecosystem subcommittee will define points of compromise in the healthcare ecosystem where there are risks of exposure, and is co-chaired by James Christiansen of Evantix, Gary Gordon of the Center for Identity at the University of Texas at Austin, and Lynda Martel of DriveSavers Data Recovery, Inc.

July 20 at 4:00pm: Protected Health Information Project Legal Subcommittee

The legal subcommittee will identify existing legal protections related to PHI, and is co-chaired by Christine Arevalo of ID Experts, Chris Cwalina and Steve Roosa of Reed Smith, LLP, and  Jim Pyles from Powers Pyles Sutter & Verville, PC.

July 21 at 1:30pm: Protected Health Information Project Survey Subcommittee

The survey subcommittee will query chief security / privacy officers or consumers on what they consider to be sensitive data, and is being led Christine El Eris and Michael Morelli of Affinion Group, Larry Ponemon of the Ponemon Institute, Don Rebovich of the Center for Identity Management and Information Protection at Utica College; and  Andrew Serwin from Foley & Lardner LLP.

July 22 – NSTICK NOI Comments Due to NIST

The White House has launched a Notice of Inquiry (NOI) on the latest draft  to develop the National Strategy for Trusted Identities in Cyberspace.  The Notice of Inquiry (NOI) addresses models for a governance structure for NSTIC.  The comments received on the NOI will help NIST inform their deliberations and decisions on the steering body.  NIST will then produce a public report with recommendations for addressing questions raised on the four key issues outlined in the strategy. More more information about this project contact Stephanie Schaffer at

September 26 &27: ACI Cyber and Data Risk Insurance

Larry Clinton will discuss the latest federal regulatory developments and enforcement actions and its impact on insurance coverage and litigation.

About the Internet Security Alliance

The Internet Security Alliance (ISA) is a unique multi-sector trade association which provides thought leadership and strong public policy advocacy as well as business and technical services to its membership. The ISA represents enterprises from the aviation, banking, communications, defense, education, financial services, insurance, manufacturing, security, and technology industries. ISA’s mission is to integrate advanced technology with the realistic business needs of its members and enlightened public policy to create a sustained system of cyber security.

Infosec Island and the ISA

Infosec Island is an ISA partner organization. Infosec Island is a leading information security portal committed to serving the risk mitigation needs of SMBs, mid-market enterprises, government agencies, legal, financial, healthcare, educational, and nonprofit organizations by providing the latest in news, free network security tools, and insights from leading industry experts.

Possibly Related Articles:
Internet Security Alliance Infrastructure Congress ISA Larry Clinton Cyber Security Task Force Testimony
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.