Tom Ridge, the first Homeland Security secretary and former governor of Pennsylvania, has signed on as the new Chairman of Cybersecurity and Technology at alliantgroup, where he will focus on encouraging smaller entities to use the federal research and development tax credit to develop cybersecurity products.
“I appreciate the opportunity to be on the alliantgroup board. In my experience as governor and at DHS, I always liked incentivizing good behavior,” Ridge said. “Alliantgroup has identified a niche around the permanent R&D tax credit that seems to fit well with the cybersecurity sector.”
The former DHS secretary also discussed deterrence, software liability and other issues in a wide-ranging interview Tuesday with Inside Cybersecurity.
Ridge is the founder and chairman of Ridge Global, which offers an array of cybersecurity consulting services including a certification program in partnership with the National Association of Corporate Directors, CERT-Software Engineering Institute of Carnegie Mellon and NAVEX Global. Ann Beauchesne, the former senior vice president for national security at the U.S. Chamber of Commerce, recently joined as CEO of Ridge Global Education.
Alliantgroup specializes in matching companies with available tax credits, and Ridge noted that “a lot of small cybersecurity firms are doing R&D and probably aren’t aware of the credit. They are premier candidates for this credit.”
Ridge said “Congress did its job” in making the R&D credit permanent, “which spurs the right kind of conduct by the private sector.”
“We need to let people know this exists,” Ridge said, observing that a $100,000-$200,000 tax credit would be “very important to a small company.”
Needed: Cyber strategy
On other topics, Ridge said more clarity is desperately needed around the nation’s approach to cyber deterrence, as well as public and private roles and responsibilities. This has been an increasingly hot issue on Capitol Hill and in the private sector.
The Senate Intelligence Committee in recommendations released Tuesday as part of its Russian hacking probe called for a national deterrence policy, while a senior White House aide said Tuesday that officials are reviewing an interagency report on deterrence.
“We’re breaking the glass and sounding the alarm, but where is the response?” Ridge asked. “The government needs to step up and collaborate with the private sector” on deterrence and cyber strategy. “We need a whole-of-nation response.”
Ridge said it would be “helpful” for the White House to take the lead and “elevate the discussion” with the involvement of the bipartisan congressional leadership and the private sector. “We need someone to call the principals together.”
White House cyber officials Tom Bossert and Robert Joyce “are very smart and talented, but they can’t do this by themselves,” Ridge said.
On the issue of the existing liability protection enjoyed by software makers, Ridge joined recent calls made separately by Sen. Mark Warner (R-VA) and Harvey Rishikof of the American Bar Association’s Standing Committee on Law and National Security for at least a conversation on whether that immunity is still appropriate.
“That was a very provocative observation by Sen. Warner,” Ridge said, adding that the conversation should begin with congressional hearings. Neither the House nor Senate Judiciary panels have ventured near the issue so far.
“This is a great policy question that should be discussed,” Ridge said. “There may be advantages to [the legal immunity], but we’re in a state of war and developers should be a lot more stringent. … Let’s decide as a country if they should have that protection.”