In his book The Psychological Edge: Strategies For Everyday Living, clinical psychologist Dr. Samuel Shein writes that while we have a National Transportation Safety Board (NTSB), there is no National Psychological Research Board (NPRB). A group like the NPRB could investigate national disasters caused by those with psychological issues.
Even with tragedies such as the Columbine High School and Sandy Hook Elementary School massacres, to the Heaven's Gate mass suicide, 9/11 and more; the US still lacks a central agency that deals with psychological-based tragedies. Creating a NPRB could be crucial to avoid future tragedies and senseless deaths.
With regards to information security, the Sony breach of 2014 shows that the time has arrived to create a National Cybersecurity Safety Board (NCSB). The debacle of the FBI prematurely attributing the attack to the North Korean government is still causing embarrassment, especially to information security professionals who note that attribution, and determination of root cause and probable cause, takes time to determine.
As for the NTSB, in 1967, Congress established the NTSB as an independent agency placed within the Department of Transportation (DOT). Based on that, the NCSB would likely be placed within the Department of Commerce, Federal Trade Commission or most likely the Department of Homeland Security.
In creating the NTSB, Congress envisioned that a single organization with a clearly defined mission could more effectively promote a higher level of safety in the transportation system than the individual modal agencies working separately.
In 2000, the NTSB embarked on a major initiative to increase employee technical skills and make its investigative expertise more widely available to the transportation community by establishing the NTSB Academy at George Washington University. To date, it has issued over 13,000 safety recommendations to more than 2,500 recipients.
Based on the success of the NTSB, I think a NCSB that could perform similar tasks when it comes to information security. Transportation disasters and security breaches have many parallels, and by having a body to investigate information security breaches and advise on security safety, the entire industry would benefit.
What would a NCSB look like? As a start, when an investigation of a major breach would occur, there would be a NCSB go team comprised of specialists in fields. The go team would include experts in the following areas: malware, digital forensics, application security, network security, network infrastructure, operating systems and more. They would work in concert with the breached organizations and affected vendors.
Like the NTSB, the NCSB would determine if it needs to hold a public hearing on the breach. After all that is done, it would publish a final report and issue security recommendations. Like the NTSB, the NCSB would likely not have any legal authority to implement, or impose, its recommendations. That burden would fall upon regulators at either the federal or state level.
Sign up for CIO Asia eNewsletters.