Rob Knake, Principal Investigator
Adam Shostack, Co-Principal Investigator
Steve Bellovin, Project Advisor
To learn more about our Cyber NTSB project please contact:
Sr. Research Scientist in Cybersecurity and Security, Global Resilience Institute
The National Transportation Safety Board is an independent Federal agency charged by Congress with investigating every civil aviation accident in the United States and significant accidents in other modes of transportation – railroad, highway, marine and pipeline. The NTSB determines the probable cause of the accidents and issues safety recommendations aimed at preventing future accidents. In addition, the NTSB carries out special studies concerning transportation safety and coordinates the resources of the Federal Government and other organizations to provide assistance to victims and their family members impacted by major transportation disasters.
The idea of modeling an entity to investigate cyber incidents on the NTSB was first proposed in 1991. Since then, multiple reports and studies have proposed its creation yet no in-depth proposal has ever been developed. GRI received a small grant from the National Science Foundation (NSF) to hold a workshop on the concept in the Spring of 2020. Prior to the event, GRI is working to flesh out the operational details of a Cyber NTSB. In addition, GRI is analyzing how increased transparency and accountability for cyber incidents can be used to improve cyber resilience. For more information, please contact firstname.lastname@example.org.
Related Case Study
Anatomy of a Megabreach: Equifax Report
Frequently Asked Questions
How does the National Transport Safety Board (NTSB) work?
In short, the National Transport Safety Board is a government entity tasked with investigating civil transportation accidents. Following the accident, NTSB releases a preliminary report within a few days, a factual report when the investigation concludes, and the final report with the final description and probable cause.
National Transport Safety Board Methodology for Investigating Operator Fatigue in a Transportation Accident
The approach of the National Transport Safety Board is to deduce the exact details of an event via a variety of checklists. This particular checklist emphasizes the role of human error – i.e. exhaustion – in various accidents. The methodology begins with establishing four primary questions. These questions center around habits leading up to the accident and segue into initial observations. Within a cyber context, simple behaviors such as lending out passwords, using a USB device, or employee disgruntlement may establish the premise for a consequent cyber incident.
This manual establishes the key points of a large scale accident investigation. An investigation of this caliber is broken up into pre-investigation preparation, notification and initial response, on-scene activities, identifying responsibilities, post-on-scene activities, etc. By laying out the step-by-step processes by which the transportation industry may investigate large scale accidents, the room for error in consequent courses of action drops exorbitantly. Within a cyber-context, laying out a process by which private and public sector entities investigate cyber incidents would mirror the same result.
Six recommendations published by the Commission on Physical Sciences, Mathematics and Applications, the Computer Science and Telecommunications Board, National Research Committee and System Security Study Committee that underscore the need to launch an oversight process to assist in the secure use of computer and communications systems.
Richard Bejtlich, FireEye’s former Chief Security Strategist, proposing the creation of a National Digital Security Board (NDSB) mirrored after the National Transport Safety Board (NTSB).
The Case for a Cyber-Security Safety Board: A Global View on Risk. The RAND Corporation blog calling for the implementation of a committee to undertake impartial expert investigations – a ‘cyber safety board.’
Steven M. Bellovin, The Major Cyberincident Investigations Board, 10 IEEE SECURITY & PRIVACY 96 (Nov.-Dec. 2012)
The Major Cyber Incident Investigations Board IEEE alluding to the NTSB being the reason why the aviation industry is remarkably safe. Given that no board of this nature exists for cyber incidents, these incidents will continue.
It’s Time for a National Cybersecurity Safety Board Ben Rothke, following the Sony breach of 2014, calls for the creation of a National Cybersecurity Safety Board (NCSB) to prevent repeated information security breaches.
An analysis in support of a cyber insurance program. A particular emphasis is placed on the lack of private sector transparency, reuse of malware and repeated exploitation of the same vulnerabilities rendering this program difficult to implement at present.
As Americans are moving more data onto cloud servers and external databases, information security requires the creation of a third party investigatory body.
Paul Rosenzweig “The NTSB as a Model for Cybersecurity” Paul Rosenzweig of R Street floats the proposal of Rep. Denny Heck (D – Wash.) in that a Computer Network Safety Board (CNSB) could be constructed along the same lines as the NTSB.
Jessica L. Beyer, Drake Birnbaum, Thomas Zech: “The Next step in Federal Cybersecurity? Considering an NTSB-Style Computer Safety Board”
A study done by the Henry M. Jackson School at the University of Washington shows that federal responsibility for cybersecurity is distributed across numerous active agencies. This current system creates a complex and confusing network actors responsible for cybersecurity.
Bair, Jonathan and Bellovin, Steven M. and Manley, Andrew and Reid, Blake Ellis and Shostack, Adam, That Was Close! Reward Reporting of Cybersecurity ‘Near Misses’ (December 1, 2017). Forthcoming in Colorado Technology Law Journal 16.2; U of Colorado Law Legal Studies Research Paper No. 17-28.
To navigate the fears of reputational risk following a cyberattack, this piece in the Colorado Technology Law Journal argues that mandatory reporting and investigations should be implemented. This route, in addition to a rewards system, would provide incentives for transparency.
A report by The Wall Street Journal stating that when there’s an air crash, regulators investigate. As done previously, contributing author Scott J. Shackelford calls for a similar safety committee be created for cyber incidents.
Denny Heck (D. – Wash) puts forth a campaign platform to improve information security practices via the creation of a Computer Network Safety Board (CNSB).
This paper outlines the benefits of creating a cyber incident data repository. It argues that improved information sharing capabilities amongst the federal government, enterprise risk owners, and insurers will increase awareness around current ‘cyber risk conditions’ and help identify emerging cyber risk trends.
This paper analyzes the events leading up to the second most devastating data breach in history: the attack on the Target Corporation. It breaks down the timeline, methodology and anatomy of BlackPOS – the malware used in the attack. In addition to a case analysis, this paper discusses the lack of consideration placed on safeguarding credit card information, and the need for improved transparency between large private sector entities and government agencies.