National Cyber Director Chris Inglis called for the creation of a bureau of cyber statistics while outlining his priorities for the office in a speech Monday.
The idea, initially proposed by Congress’s bipartisan Cyberspace Solarium Commission, would require the Department of Homeland Security to collect, process, and analyze statistics relevant to cyber threats and cybercrimes. It would require organizations that provide incident response services or cyber insurance to report information every 180 days. Inglis was a member of the same commission prior to his current role.
“I would observe that to properly address risk we have to first understand it. We have to understand where it’s concentrated, where it cascades, what causes it, and more importantly to then discover how to address it,” Inglis said at an Atlantic Council event. “I think all would agree that in the absence of this information, we are going to be episodic, we’re going to be uneven, and perhaps less than optimal in our response to any of these threats which affect all of us in common.”
Inglis said that such threat data could be an important first step in understanding how to respond to adversaries that moving at a “Darwinian speed” to outwit our defenses.
The White House doesn’t have an official policy on the creation of a bureau, Inglis said, adding that the administration is considering the idea.
Inglis’ remarks come as policymakers on the hill explore how to implement the Cyberspace Solarium Commission’s idea into legislation.
Cyberspace Solarium Commission co-chair Sen. Angus King, I-Maine, and Sens. Mike Rounds, R-S.D., and Ben Sasse, R-Neb., introduced legislation last week that would include the creation of a Bureau of Cyber Statistics in the Department of Homeland Security.
During his first few weeks on the job in an entirely new government position, Inglis said he prioritizing the need for unity across federal agencies in order to implement the requirements of Biden’s May executive order reforming federal cybersecurity and improving private-public partnerships. Inglis also said that he is interested in employing the office’s oversight powers to guide budgetary decisions around cybersecurity.
Correction 08/3/21: This article was updated to correctly reflect the date of Inglis’ speech.