Chris Inglis, the nation’s first-ever national cyber director, has called for the establishment of a Bureau of Cyber Statistics, which would exist within the Department of Homeland Security, to collect and publish cybersecurity statistics to properly understand cyber threats and how to address them.
Speaking at the Atlantic Council on August 2, Inglis noted that when Benjamin Franklin served as postmaster general, he asked postmasters across the nation to write down what weather conditions they were experiencing in their areas every couple of hours and to send in their results.
After gathering postcards from across the nation, Franklin discovered that weather doesn’t emanate from local conditions, but instead swept across the nation from west to east.
Inglis said cybersecurity should follow the same approach by gathering data and information across the nation to gain a better picture of the United States’ cybersecurity threats.
“It wasn’t until we put that picture together that we understood what was happening locally. The same thing is true in terms of what’s happening in cyberspace,” Inglis said. “Unless we can kind of ride across the boundaries that jurisdictionally divide us, we’re not going to find out the trends that afflict all of us, and we, therefore, have to appeal to a collection of that data somehow so that we can get our arms around this.”
Inglis said the Bureau of Cyber Statistics would “mandate that organizations providing cybersecurity incident response services or insurance products” produce such data every 180 days for statistical purposes.
“To properly address risk, we have to first understand it, we have to understand where it’s concentrated, where it cascades, what causes it, and more importantly to then discover how to address it,” he said. “The Bureau of Cyber Statistics would do just that.”
Inglis also endorsed the establishment of the National Cyber Resilience Assistance Fund, which he said could be used, based on accurate information from the Bureau of Cyber Statistics, to “invest in a system where we achieve resilience and robustness to avoid the problems that we’ve been experiencing over the last many years.”
“Imagine we get from a place where each had to defend ourselves based upon what we alone inside of our stovepipe knows, to a place where I actually know something about what’s coming at me,” Inglis said. “You can then, based upon information that might come from pure cyber statistics, build your defenses such that you understand truly what your adversaries gain is, and essentially steal the mark by not so much responding well, but by preventing well.”
The creation of the Bureau of Cyber Statistics and the National Cyber Resilience Assistance Fund is included in the proposed Defense of United States Infrastructure Act, introduced by Sens. Angus King, I-Maine, co-chair of the Cyberspace Solarium Commission (CSC), Mike Rounds, R-S.D., and Ben Sasse, R-Neb., commissioner of the CSC.
The CSC recommended the creation of Inglis’s current job, as well as the creation of the Bureau of Cyber Statistics.