Learning from Cyber Incidents
From 2016 to 2021, the Belfer Center's Cyber Project worked on how lessons can be learned from cyber incidents to better inform defense measures. This work expanded on the concept of a “Cyber National Transportation Safety Board (NTSB)” and on creating a “Near Misses” reporting system, both modeled on how safety improvements are made following an aviation incident.
With support from the National Science Foundation and the Hewlett Foundation, the Belfer Center hosted a series of workshops in 2021.
About the project
The idea of modeling an entity to investigate cyber incidents on the National Transportation Safety Board (NTSB) was first proposed in 1991 in a National Research Council report. Since then, multiple individuals and group reports have proposed its creation, yet no in-depth proposal has ever been developed. Among the issues remaining to be examined are the scope of the proposed Cyber NTSB’s authority and investigative powers and its position among the existing investigative agencies, including the NSA and FBI.
Similarly, the idea of modeling a learning system for cybersecurity on the aviation industry’s “near miss” reporting efforts has been proposed, but no pilot efforts have been undertaken. A principal concern in this area is the need for whistleblower protections and potential conflict with corporations’ disinclination to disclose cybersecurity risks. The Learning From Cyber Incidents project is focused on moving these concepts forward toward implementation through a workshop series and ongoing policy development.
President Biden issued an executive order on May 12, 2021, calling for the Secretary of Homeland Security to establish a Cyber Safety Review Board. The executive order envisions a review board that will convene to review and assess major cybersecurity incidents at the direction of the President or when the Secretary of Homeland Security deems it necessary. Representatives from the Department of Defense, the Department of Justice, CISA, NSA, and FBI, as well as appropriate private-sector cybersecurity or software suppliers determined by the Secretary of Homeland Security, will sit on the Board. The guidance outlined in the executive order will inform the Learning From Cyber Incidents project’s next steps in supporting the development of a Cyber Safety Review Board.

Learning from Cyber Incidents: Adapting Aviation Safety Models to Cybersecurity
Over four months in the spring of 2021, more than 70 experts participated in a (virtual) workshop on the concept of creating a “Cyber NTSB”. The workshop was funded by the National Science Foundation with additional support from the Hewlett Foundation, and organized by Harvard’s Belfer Center with support from Northeastern University’s Global Resilience Institute.