Researchers at Indiana University have suggested that the US government should establish an independent cybersecurity agency board – similar to the National Transportation Safety Board.
The experts came to the conclusion on the back of one of the worst years for cyberattacks and data breaches. They proposed a cybersecurity agency that would operate much like the transportation board – only instead of investigating airplane crashes and train derailments, this cybersecurity board would get to the bottom of major cyberattacks.
“In the wake of a series of destabilizing and damaging cyberattacks ranging from Equifax to Yahoo, there has been a growing call for the US government to establish an analogue of the National Transportation Safety Board to investigate cyberattacks,” the researchers wrote in a paper published in the Albany Law Journal of Science and Technology.
According to the researchers, the safety board model “separates fact-finding proceedings from any questions of liability, allowing attribution to be established, for example, without parties initiating litigation.”
The Center for Strategic and International Studies had previously recommended a similar measure to the Trump administration, but the concept has never received an in-depth academic treatment, EurekAlert! Science News reported.
“Propositions for strengthening US cybersecurity range widely, from federally sponsored cyber risk insurance programs -- akin to flood insurance -- to allowing companies to have a freer hand to engage in proactive cybersecurity measures,” the researchers noted.
“A common refrain across many of these proposals ... (is a call for) more robust data breach investigations, which could include on-site gathering of data on why the attack occurred so as to help other companies prevent similar attacks. This evokes one of the core functions of the NTSB, that is, to investigate and establish the facts behind an incident, and to make recommendations to help ensure that similar events do not occur in the future.”
Helping insureds reach ‘corporate levels of cyber security’ at home
Why cyber insurance is being forced to get innovative