Cybersecurity is a constant, and, by all accounts growing, challenge. This report, the second in a multiphase study on the future of cybersecurity, reveals perspectives and perceptions from chief information security officers; examines the development of network defense measures—and the countermeasures that attackers create to subvert those measures; and explores the role of software vulnerabilities and inherent weaknesses.

Advocates a cybersecurity “social contract” between government and business in seven key economic sectors

Cybersecurity vulnerabilities in the United States are extensive, affecting everything from national security and democratic elections to critical infrastructure and economy. In the past decade, the number of cyberattacks against American targets has increased exponentially, and their impact has been more costly than ever before. A successful cyber-defense can only be mounted with the cooperation of both the government and the private sector, and only when individual corporate leaders integrate cybersecurity strategy throughout their organizations.

A collaborative effort of the Board of Directors of the Internet Security Alliance, Fixing American Cybersecurity is divided into two parts. Part One analyzes why the US approach to cybersecurity has been inadequate and ineffective for decades and shows how it must be transformed to counter the heightened systemic risks that the nation faces today. Part Two explains in detail the cybersecurity strategies that should be pursued by each major sector of the American economy: health, defense, financial services, utilities and energy, retail, telecommunications, and information technology.

Fixing American Cybersecurity will benefit industry leaders, policymakers, and business students. This book is essential reading to prepare for the future of American cybersecurity.

Criminal activities in cyberspace are increasingly facilitated by burgeoning black markets. This report characterizes these markets and how they have grown into their current state to provide insight into how their existence can harm the information security environment. Understanding these markets lays the groundwork for exploring options to minimize their potentially harmful influence.

Understanding the cybersecurity threat landscape is critical to mitigating threats, apportioning limited resources, and hosting a resilient, safe, and secure Olympic Games. To support the security goals of Tokyo 2020, this report characterizes the cybersecurity threats that are likely to pose a risk to the games, visualizes a threat actor typology, and presents a series of policy options to guide cybersecurity planning.

As computers are increasingly embedded, ubiquitous and wirelessly connected, security becomes imperative. This has led to the development of the notion of a 'trusted platform', the chief characteristic of which is the possession of a trusted hardware element which is able to check all or part of the software running on this platform. This enables parties to verify the software environment running on a remote trusted platform, and hence to have some trust that the data sent to that machine will be processed in accordance with agreed rules.

Zero-day vulnerabilities—software vulnerabilities for which no patch or fix has been publicly released—and their exploits are useful in cyber operations, as well as in defensive and academic settings. This report provides findings from real-world zero-day vulnerability and exploit data that can inform ongoing policy debates regarding stockpiling (i.e., keeping zero-day vulnerabilities private) versus disclosing them to the public.