SolarWinds, Exchange attacks revive calls for mandatory breach notification, better information sharing

The absence of good statistics limits insight into what constitutes good cybersecurity. “If I gave you $5 million and said, ‘Spend this on improving the security of an enterprise,’ the average system couldn’t actually put numbers to a proposal to decide whether or not to do threat hunting or a better training of employees,” Paul Rosenzweig, senior fellow at the R Street Institute said at the RSA Conference. He argues for the creation of a bureau of cybersecurity statistics. “The ultimate goal here is to have metrics that are transparent, countable, auditable, effective, generally agreed-upon, widely used and scalable. We’re nowhere near that right now,” he said.

Like most cybersecurity policy experts, Rosenzweig thinks mandatory breach notification is overdue. “It boggles my mind that 15 years into this cybersecurity crisis, pretty much since 2005, 2006, we still don’t have an operating picture of how frequently and what sorts of breaches occur in the United States. We’re doing better than we did 15 years ago. But without a comprehensive breach notification law, we simply never get a sense of what’s actually happening on the ground. That makes it impossible to do trend analysis or gap analysis with any efforts.”

Featured Publications

Analysis Criminal Justice and Civil Liberties, Federal Government Affairs, Juvenile Justice, Pretrial

Spotlight on Criminal Justice: Observing National Child Abuse Prevention Month – April

Christi M. Smith April 23, 2024

Real Solutions Artificial Intelligence, Cybersecurity, Cybersecurity Policy, Federal Government Affairs, Technology and Innovation

Future of AI Innovation Act Improves Responsible AI Innovation in Federal Government and Private Sectors

Amy Chang, Haiman Wong April 23, 2024

Real Solutions Budget and Spending Reform, Federal Government Affairs, Finance and Trade, Governance, Pensions

Social Security is going to run out. State pension reform can provide a lesson on how to save it.

Ann Phelan April 23, 2024

Op-Eds Electoral Reform, Governance, Northeast, State Policy

How to secure Virginia elections

Robert Melvin April 9, 2024 Richmond Times-Dispatch

Analysis Harm Reduction, Sexual Health

HPV Vaccination: A Sexual Health Harm Reduction Success Story

Chelsea Boyd April 22, 2024

Op-Eds Federal Government Affairs, Patent, Technology and Innovation

The patent absurdity of pharmaceutical prices

Marc Hyden April 22, 2024 The Newnan Times-Herald

Op-Eds Alcohol Policy, Competition Policy, Midwest, State Policy

How Michigan lost $1 million of liquor

C. Jarrett Dieterle April 6, 2024 Reason

In the News Federal Government Affairs, Online Content Policy, Technology and Innovation

The Coddling of the American Parent

Shoshana Weissmann April 21, 2024 The Daily Beast

Op-Eds Alcohol Policy, Competition Policy, Northeast, State Policy

Letter: Dan Casey cites outdated data on cocktails-to-go

Robert Melvin April 9, 2024 The Roanoke Times

Op-Eds California, Online Content Policy, State Policy, Technology and Innovation

Heartburn doesn’t stop California lawmakers from quashing speech

Steven Greenhut April 19, 2024 Orange County Register