From CyberWire:

American think tank R Street held a virtual event yesterday focused on “Measuring Success in Cybersecurity,” and speakers agreed that more data gathering is needed in order to properly assess the US’s cybersecurity performance, GovTech reports. Dylan Presman, director for budget and assessment in the Office of the National Cyber Director, explained, “Tracking cybersecurity performance with metrics provides insight into which tools and interventions are effective, provides us with early warning when they’re not effective, or when new interventions are needed to consider and additional resources needed.” Tony Cheesebrough, chief economist at the Cybersecurity and Infrastructure Security Agency (CISA), says increased incident reporting will help, but it’s not enough on its own. Additional data like the number of particular devices being used and how attacks have been prevented would paint a more complete picture of the cybersecurity landscape. Olga Livingston, cyber economics lead at CISA, also says more time should be spent assessing how well individual protocols work in order to determine which are merely nice to have, and which are essential. Livingston stated, “We have shared understanding of what good practices are, but the data is yet to come in as to which ones are bloodletting and leeches and which ones are penicillin.”