DHS Report Urges Research into Cyber Market Failures

Kritsana Maimeetook/Shutterstock.com

Featured eBooks

The Government's Artificial Intelligence Reality
What’s Next for Federal Customer Experience
Cloud Smarter

The research road map urges examining the long-term effects of laws, regulations and supply chain vulnerabilities.

Government and industry should focus their cyber research efforts on how to better hold component manufacturers responsible for cybersecurity lapses that could endanger vast amounts of data across entire supply chains, according to a research roadmap released Tuesday.

That research should focus on topics including how current product liability laws could be adjusted to make component manufacturers more responsible for security lapses and how key stakeholders in a product’s supply chain could be made to bear the cost of insecurity, according to the report from the Homeland Security Department’s Cyber Risk Economics program.

Researchers should also focus on ways to improve transparency about cybersecurity for consumers, the report states.

The report doesn’t describe current government research efforts but is essentially a research game plan for public and private organizations that want to reduce economic, legal and bureaucratic barriers to improving the nation’s cybersecurity.

Other main research topics include how legal regimes and regulations affect cybersecurity and barriers to creating broad cyber insurance markets, which many analysts believe will be crucial to imposing standard cyber requirements across industry.

Regulation-focused research topics include how government can write rules that are flexible enough to not become outdated as technology adapts and an analysis of when government’s better off facilitating industry-driven cyber standards rather than top-down regulation.

Researchers should also examine possible second and third order consequences of government regulation and other interventions in the market to help policymakers contemplate whether those interventions will be worthwhile in the long run, the report states.

The report recommends developing a cybersecurity equivalent to the “stress tests” that government performed on banks during the 2008 financial crisis to determine whether they were resilient enough to survive similar crises in the future.