What more proof do we need, 143 million Americans (that’s nearly half our nation’s entire population) at risk, to publicly acknowledge that it ain’t working? A mea culpa moment for sure!

Cybersecurity is an entirely new industry sector. Basic fundamental business operating principles aside, we collectively should be attacking this from an outside-in approach, and embracing, indeed celebrating, the 'newness' of it all. Instead, we as a nation have become fearful and lazy (a broad overstatement for sure, but for purposes here . . .). It’s taken a good 60-70 years post WWII to figure things out and get it right; but, absent some last-minute silly institutional decision making around collateralized loans and mortgages circa 2004-07 (and the resulting 2008-09 market downturn), we got there. Companies have achieved near pure operating models; company staffs are largely diverse; latterly (and finally!) executive ranks are increasingly filled by eligible women; and the global marketplace is steaming at good pace. Things have been relatively generally very good.

And now this cyber thing comes along. We at first think if we don’t give it public attention, it will remain a secondary or ideally tertiary concern. That didn’t work. Well, let’s tend to it with “band-aids”; deploying our old reliable go-to operating models. Ugh!! That doesn’t seem to be working either.
It's clear that many, indeed most, of these models are inadequate, ineffectual and not altogether relevant. What to do?

We should be embracing the newness of all of this; and finding great joy in this rarest of opportunities, where so wide a community—that is the near entirety of public-private-not for profit—has the chance to forge entirely new paths, break new ground and make lasting impact operating in the vast unknown that is digital security. To be fair, there are many brilliant cyber pioneers out there—mostly located at emerging/growth companies, with others scattered across public and private platforms—doing meaningful work. And individual non-cyber domain companies have come a very long way, from just a few years ago, in recognizing the cyber threat and bolstering their internal information security plans and procedures. But, given the wide and pernicious threat in front of us, by and large things are moving way too slowly.

This author puts large blame for this slow-roll squarely on the US Congress. To be sure, there are members across both chambers who have been out in front on cyber for some time now. But, as an institution, Congress has been woeful in enacting important “activating” policy. Further, I believe the root cause behind Congress’ sitting on their proverbial hands is fear. Fear of the unknown . . . leads to fear of making mistakes . . . leads to fear of residual blowback in the form of pissed-off constituencies, be they district voters or privacy lawyers. We see zero-sum assumptions being based on flawed and in many cases wholesale irrelevant models.
Instead, members must make cyber law based on the new cyber paradigm.

“Stuff” rolls downhill. While private companies have in recent years generally made great strides within their own four walls, inter-company security information-sharing and collaboration still has a very long way to go. Without clear, effective and sensible guidelines from Congress, or at least implicit tacit approval with regard to compartmentalized cyber threat information-sharing, companies will continue to view the risk-adjusted cost of (the perception of) usurping privacy regulations as too great versus the reputational gains earned from taking a 'leader of the pack' position in private-private cyber collaboration. Enough! We cannot afford to worry about covering our asses here! Embrace the unknown! Forge new paths! Dare to make an impact! When it comes to policy-making, let’s together commit to operating with a dynamic common-sense approach . . . versus a “thou shall not” legalese mindset. If some folks along the way are going to assail progress and change in the name of strengthening highest stakes vulnerabilities, fine; they can pursue their grievances in the courts—this is an important system byproduct that needs to occur anyway, so let it happen. If mistakes are made along the way, or we come to dead-ends . . . so what?! Really . . . so what? It’s not like great things are happening institutionally at current pace. Take a collective quick pause, critique, regroup, and venture forward all the better informed. This is the glass-shattering that must continuously occur if we’re going to make meaningful gains on the cyber battlefield. Congress must lead the way here. The private sector is poised to act, just like a coiled spring. When Congress unshackles itself from its burdensome ways . . . the private sector will take full note, and unleash.
New digital security operating paradigms will quickly emerge . . . and truly innovative, meaningful and lasting cyber work will flourish.

Two bold (but very doable) glass-shattering, paradigm-shifting measures to push this “cyber beast” forward . . .

On the public side: Treat cyber as “the kitchen sink.” Throw it all in there, in the way of effective and innovative policy making. Fast track it; and if something doesn’t work, amend it or toss it in the can. And do this over and over and over again. We don’t need perfect now; we need good and effective now. With resiliency, reflection and continuous self-improvement, over time we'll get to (near) perfect.

On the private side: While we’re waiting for Congress to push forward (re the above), let’s expand the cyber candidate slate with the inclusion of alternate profile candidates. We’re all agreed there are currently not sufficient numbers of experienced cyber domain experts in the universal cyber candidate pool. There are, however, deep candidate benches across risk and threat vector/operational decision-making SME domains—namely drawn from the COO, CFO and CRO communities—from which talented individuals can stretch and indeed enhance cyber candidate slates. We don’t need perfect; we need very good and very effective.

In closing, I’d encourage our vast cyber community here to get a hold of the just (last week) released Navy-Private Sector Critical Infrastructure War Game 2017: Game Report, authored by the U.S. Naval War College staff. In the absence of a lessons learned/how might we get there? roadmap...this could be that map.