Cyber security is a “nebulous domain… that tends to resist easy measurement and, in some cases, appears to defy any measurement,” according to a report issued in March by Sandia National Laboratories.
In order to establish a common vocabulary for discussing cyber threats, and thereby to enable an appropriate response, the Sandia authors propose a variety of attributes that can be used to characterize cyber threats in a standardized and consistent way.
“Several advantages ensue from the ability to measure threats accurately and consistently,” the authors write. “Good threat measurement, for example, can improve understanding and facilitate analysis. It can also reveal trends and anomalies, underscore the significance of specific vulnerabilities, and help associate threats with potential consequences. In short, good threat measurement supports good risk management.”
See “Cyber Threat Metrics” by Mark Mateski, et al, Sandia National Laboratories, March 2012.
These ideas aim to advance the detailed policy solutions needed to foster public trust and implement fairness in the adoption of AI across diverse domains, from healthcare and government benefits to rural access, education, and worker protections.
The evidence is clear: algorithmic pay-setting is established in app-based work, and payroll/timekeeping failures show how software can produce systemic wage harm at scale
While a few states have taken steps to implement decision-making mechanisms for certain AI systems, too many leaders are simply accepting narratives about AI’s purported public benefit at face value – jumping to the “how” of AI implementation before thoroughly vetting potential systems and deciding whether they are appropriate to use at all.
When properly structured — with specific numeric targets, secured financial obligations, independent monitoring, and meaningful enforcement — CBAs transform data center deals into durable community partnerships.