Cyberspace Solarium Commission Issues Government Recommendations

The Cyberspace Solarium Commission, a nonpartisan group founded to evaluate government cyberattack defenses and propose remedies for any issues found, has released 80 recommendations, including the creation of a new government group to develop cybersecurity metrics.

While the newly proposed ‘Bureau of Cyber Statistics’ is suggested to be housed in the Commerce Department, the focus is less on where it would reside, and more on how to use meaningful data to measure and reduce risks in online activities.

The metrics that this bureau would collect would come from both government agencies and private businesses. In the past, a record that included few or no cyber breaches could indicate that a group simply hadn’t been targeted. We’ve now reached a point at which attacks are nearly constant, so analyzing performance against them provides important data.

This data would be reported on a yearly basis and would be anonymized for the purpose of performing statistical analysis. To get some of this data from businesses, the Commission also recommends amending the 2002 Sarbanes-Oxley Act (SOX) to add cybersecurity reporting to the existing reporting required of public companies. These reports would require metrics surrounding risk assessments, penetration testing, and the speed at which incidents are resolved.

While these recommendations are relatively novel, some of the ideas proposed have been talked about for years. One of these proposals is to pass a law on national breach notifications, although members of Congress don’t see a path forward to do so. To complete some of the recommendations, the executive branch will need a stronger subpoena power to be able to compel private businesses to share their cybersecurity information.

Private business is often reluctant to share information about cybersecurity incidents until there is a clear public need, but the hope is that by aggregating this information, a rising tide will lift all boats and all entities will end up safer. There will need to be buy-in and a perceived benefit for the most accurate and complete information to be reported. Where possible, this should be a collaborative effort rather than simply a mandate.

When we deal with data at Extract, we have procedures in place to minimize the potential for data exposure. Rather than sending your documents to us for automated redaction or indexing, we keep them behind your firewall to ensure your safety standards are in place. This is how, with over five billion pages processed, we haven’t had a single reported data privacy breach.

If you’d like to learn more, please reach out today.


About the Author: Chris Mack

Chris is a Marketing Manager at Extract with experience in product development, data analysis, and both traditional and digital marketing. Chris received his bachelor’s degree in English from Bucknell University and has an MBA from the University of Notre Dame. A passionate marketer, Chris strives to make complex ideas more accessible to those around him in a compelling way.