Larry Clinton is President and CEO of the Internet Security Alliance (ISA). ISA represents major corporations from the Aviation, Banking, Communications, Defense, Education, Financial Services Insurance, Manufacturing, Technology and Security industries. ISA's mission is to integrate advanced technology with economics and public policy to create a sustainable system of cyber security. Mr. Clinton is one of the clearest voices on cyber security and has been featured in mass media such as USA Today, PBS News Hour, The Morning Show (CBS), Fox News, CNN, CSPAN, and CNBC. He has also authored numerous professional journal articles on cyber security as well as being a past guest editor for the Cutter IT Journal. Mr. Clinton is regularly called upon to testify before both the U.S. House and Senate. In 2008, ISA published its Cyber Security Social Contract which is both the first and last source cited in the Executive Summary of President Obama's Cyber Space Policy Review, which also cited more than a dozen ISA white papers—far more than any other source.
Cyber security is a complex issue that requires a smart, balanced
approach to public-private partnership. However, there is not a simple
gold standard or mandatory minimum standard of cyber security, which
can cause friction in the relationship between government and private
industry. There are fundamental differences in these two unevenly yoked
partners: government's fundamental role under the U.S. Constitution is to
provide for the common defense; industry's role, backed by nearly a hundred
years of case law, is to maximize shareholder value. Further differences
are that government partners and industry players often assess risk
differently, based on their differing missions and objectives. To be successful,
both government and industry need to remain committed to the
relationship and continue working on it by understanding the complexity
of the situation, adapting where appropriate to their partner's perspective.
For the public-private partnership to endure and grow, an appreciation
of these differing perspectives—born from different legally mandated
responsibilities—must be reached. Ultimately, the government should
compensate private entities for making investments that align with the
government's perspective, such as the social contract, rather than mandating
that the shareholders subsidize the government function of providing
for the common defense.
Clinton, Larry. "A Relationship on the Rocks: Industry-Government Partnership for Cyber Defense." Journal of Strategic Security 4, no. 2 (2011)
Available at: https://scholarcommons.usf.edu/jss/vol4/iss2/7