Rob Knake, Adam Shostack, Tarah Wheeler
Belfer Center for Science and International Affairs
Sinopse: Over four months in the spring of 2021, over 70 experts participated in a (virtual) workshop on the concept of creating a “Cyber NTSB”. The workshop was funded by the National Science Foundation with additional support from the Hewlett Foundation, and organized by Harvard’s Belfer Center with support from Northeastern University’s Global Resilience Institute.
The first call for the creation of a Cyber NTSB was in 1991. Since that time, many practitioners and policymakers have invoked the analogy, but little has been done to develop the concept. This workshop was carried out with the goal of moving the concept forward.
The NTSB acts as an inspiring metaphor because it helped transform the nascent technology of aviation. It’s easy to forget how much airplanes shrunk the planet over the last century, making it possible to go anywhere in the world quickly, safely, and reliably, but that was not always the case.
It’s also easy to forget how often planes crashed. The NTSB is the best known of the broad, deep, and intertwined set of aviation safety programs we learned about. While participants challenged and tested the model, the ultimate conclusion was that the information technology industry does not have strong processes for extracting lessons learned and publishing them when incidents occur. Today, cybersecurity has no authoritative, independent investigations whose focus is learning lessons, distributing them, and enabling systematic improvements.
