Larry Clinton describes government-industry partnership as similar to a parent-child relationship, wherein the parent (government) feels the need to exhibit some tough love on an uncooperative and immature child (the private sector). The analogy breaks down, however, when one realizes that in this case the “child” (industry) is actually far bigger, stronger, and has more resources than the supposed parent. Clinton argues it is the parent (government) in this case that is ultimately reliant on the child for cyber security. While industry cyber systems are vulnerable to attack-as are virtually all infrastructures historically- the market has produced an array of effective means to protect their cyber systems. The problem is the lack of proper implementation of cyber security best practices and relatively simple fixes, like software updates and security patches. Title each response with the question text:
o What needs to be done and how do we get people to do it?
o Will a traditional regulatory model work in this space?
o Does a newer model to address uniquely 21st century issues need to be developed?
o Whom should the government regulate?