Cyber security is a “nebulous domain… that tends to resist easy measurement and, in some cases, appears to defy any measurement,” according to a report issued in March by Sandia National Laboratories.
In order to establish a common vocabulary for discussing cyber threats, and thereby to enable an appropriate response, the Sandia authors propose a variety of attributes that can be used to characterize cyber threats in a standardized and consistent way.
“Several advantages ensue from the ability to measure threats accurately and consistently,” the authors write. “Good threat measurement, for example, can improve understanding and facilitate analysis. It can also reveal trends and anomalies, underscore the significance of specific vulnerabilities, and help associate threats with potential consequences. In short, good threat measurement supports good risk management.”
See “Cyber Threat Metrics” by Mark Mateski, et al, Sandia National Laboratories, March 2012.
“Given the number of existential crises we must collectively confront, I have found policy entrepreneurship to be a fruitful avenue towards doing some of that work.”
We sit on the verge of another Presidential election – an opportunity for meaningful, science-based policy innovations that can appeal to lawmakers on both sides of the aisle.
Outdated Bureau of Labor Statistics classifications hampers the federal government’s ability to design and implement effective policies for emerging technologies sectors.
Science funding agencies are biased against risk, making transformative research difficult to fund. Forecast-based approaches to grantmaking could improve funding outcomes for high-risk, high-reward research.