But, over time, I have come to a conclusion on the most important cyber legislation the nation needs and I would like to share that with you.
So here is how I replied to the request from my friend the former representative:
I worry so much about the state of cyber. I worry about our tech, our education system, our procedures, our laws, our military, our economy. But the thing I worry the most about is the continual inaction. And I think that is because of a lack of awareness and a general ignorance of the state of cybersecurity.
So, I’ve become convinced that the most important thing we can do is drive for better metrics on the state of cybersecurity in the nation.
Like Abraham Lincoln said, “If we could first know where we are, and whither we are tending, we could better judge what to do, and how to do it.”
So, if there was one thing to put in legislation, it would be coherent breach reporting guidelines. We need this in order to generate data that can drive assessments and awareness and help with fact-based analysis on what to do next.
Everything else is secondary. Get the metrics on breach reporting, and that should hopefully help drive the many other actions required.