To prevent cyberattacks, paper suggests agency similar to National Transportation Safety Board

Feb. 16, 2018

After arguably the worst year ever for cyberattacks and data breaches, Indiana University research suggests it may be time to create an independent cybersecurity agency board comparable in approach to the National Transportation Safety Board that investigates airplane crashes and train derailments.

“In the wake of a series of destabilizing and damaging cyberattacks ranging from Equifax to Yahoo, there has been a growing call for the U.S. government to establish an analogue of the National Transportation Safety Board to investigate cyberattacks,” the researchers write in the Albany Law Journal of Science and Technology.

The safety board model “separates fact-finding proceedings from any questions of liability, allowing attribution to be established, for example, without parties initiating litigation.”

This approach has been floated in recommendations to the Trump administration by the Center for Strategic and International Studies. But until now, the idea has never received in-depth academic treatment. In their paper, Shackelford and Brady review what led to the passage of the NTSB and evaluate proposals to establish a “National Cybersecurity Safety Board.”

“Propositions for strengthening U.S. cybersecurity range widely, from federally sponsored cyber risk insurance programs—akin to flood insurance—to allowing companies to have a freer hand to engage in proactive cybersecurity measures,” the authors wrote.

“A common refrain across many of these proposals … (is a call for) more robust data breach investigations, which could include on-site gathering of data on why the attack occurred so as to help other companies prevent similar attacks. This evokes one of the core functions of the NTSB, that is, to investigate and establish the facts behind an incident, and to make recommendations to help ensure that similar events do not occur in the future.”

Enhancing cybersecurity in the emerging Internet of Everything is technologically complex and legally challenging, especially when organizational cultures can be so different. Microsoft has estimated that the number of Internet-enabled devices could increase from 11 billion to 50 billion between 2013 and 2020. Another estimate from Morgan Stanley places the number at 75 billion by 2020.

Newswise has the full article

Sponsored Recommendations

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...