Cyber security is a “nebulous domain… that tends to resist easy measurement and, in some cases, appears to defy any measurement,” according to a report issued in March by Sandia National Laboratories.
In order to establish a common vocabulary for discussing cyber threats, and thereby to enable an appropriate response, the Sandia authors propose a variety of attributes that can be used to characterize cyber threats in a standardized and consistent way.
“Several advantages ensue from the ability to measure threats accurately and consistently,” the authors write. “Good threat measurement, for example, can improve understanding and facilitate analysis. It can also reveal trends and anomalies, underscore the significance of specific vulnerabilities, and help associate threats with potential consequences. In short, good threat measurement supports good risk management.”
See “Cyber Threat Metrics” by Mark Mateski, et al, Sandia National Laboratories, March 2012.
As Congress begins the FY27 appropriations process this month, congress members should turn their eyes towards rebuilding DOE’s programs and strengthening U.S. energy innovation and reindustrialization.
Politically motivated award cancellations and the delayed distribution of obligated funds have broken the hard-earned trust of the private sector, state and local governments, and community organizations.
In the absence of guardrails and guidance, AI can increase inequities, introduce bias, spread misinformation, and risk data security for schools and students alike.
Over the course of 2025, the second Trump administration has overseen a major loss in staff at DOE, but these changes will not deliver the energy and innovation impacts that this administration, or any administration, wants.