CybersecurityTo prevent cyberattacks, create agency similar to National Transportation Safety Board: Experts

Published 14 February 2018

After arguably the worst year ever for cyberattacks and data breaches, Indiana University research suggests it may be time to create an independent cybersecurity agency board comparable in approach to the National Transportation Safety Board that investigates airplane crashes and train derailments.

Call for NTSB-like government board // Source: yahoo.com

After arguably the worst year ever for cyberattacks and data breaches, Indiana University research suggests it may be time to create an independent cybersecurity agency board comparable in approach to the National Transportation Safety Board that investigates airplane crashes and train derailments.

“In the wake of a series of destabilizing and damaging cyberattacks ranging from Equifax to Yahoo, there has been a growing call for the U.S. government to establish an analogue of the National Transportation Safety Board to investigate cyberattacks,” the researchers write in the Albany Law Journal of Science and Technology.

The safety board model “separates fact-finding proceedings from any questions of liability, allowing attribution to be established, for example, without parties initiating litigation.”

The paper’s authors are Scott Shackelford, associate professor of business law and ethics in the IU Kelley School of Business, chair of the Cybersecurity Program and director of the Ostrom Workshop Program on Cybersecurity and Internet Governance at IU Bloomington; and Austin Brady, a degree candidate in the IU Maurer School of Law and IU’s Master of Science in Cybersecurity Risk Management.

IU says that this approach has been floated in recommendations to the Trump administration by the Center for Strategic and International Studies. But until now, the idea has never received in-depth academic treatment. In their paper, Shackelford and Brady review what led to the passage of the NTSB and evaluate proposals to establish a “National Cybersecurity Safety Board.”

“Propositions for strengthening U.S. cybersecurity range widely, from federally sponsored cyber risk insurance programs — akin to flood insurance — to allowing companies to have a freer hand to engage in proactive cybersecurity