Analyzing and investigating Cyberattacks
The Institute will facilitate the collective analysis, research, and investigation of cyberattacks, perpetrated by sophisticated actors, including by assessing their harm, and bringing greater transparency to the problem so everyone has better information to inform action.
The following mechanisms and areas of focus will constitute the Institute's primary means of action under this pillar:
- Coordinating a consortium of experts from academia, industry, and civil society, and maintaining a clearinghouse of cyberattack data
- Conducting technical and impact analysis of sophisticated cyberattacks
- Creating a credible and transparent standard for evaluating sophisticated cyberattacks and their economic and societal impacts
The Consortium and Clearinghouse
The Institute will pursue its accountability mandate in collaboration with partners, seeking to amplify, complement, and broaden the scale and impact of existing efforts to collect data on and analyze cyberattacks to better understand attacker behavior and improve defenses. To do so, the Institute will operate a consortium of academic, private sector, and civil society members that will pool data in a clearinghouse, foster exchange, and partner on cooperative analysis.
Technical and impact analysis
The Institute will focus on identifying developments and trends in attacker tools, techniques, and practices, as well as assess the impacts of attacks, seeking to advance economic and social analysis of cybersecurity. To inform efforts led by others, the Institute will make the information publicly available.
To promote transparency and confidence in the findings of its findings, and support the analysis work of others, the Institute will establish and adhere to a transparent, standardized methodology to link forensic evidence with economic and societal impacts and alignment with existing law and norms, as well as confidence metrics for reaching different conclusions.