Computing Community Consortium Blog

The goal of the Computing Community Consortium (CCC) is to catalyze the computing research community to debate longer range, more audacious research challenges; to build consensus around research visions; to evolve the most promising visions toward clearly defined initiatives; and to work with the funding organizations to move challenges and visions toward funding initiatives. The purpose of this blog is to provide a more immediate, online mechanism for dissemination of visioning concepts and community discussion/debate about them.


CCC Quadrennial Paper Recommends an Approach to National Cybersecurity Based on the US Public Health System

March 12th, 2025 / in CCC, Quad Paper / by Catherine Gill

 

The fields of Cybersecurity and Public Health share many attributes. For one, both fields prioritize prevention over reaction to cyberattacks or outbreaks, and both quickly shift to tracking and containment when preventative measures fail. Experts in both fields strive to build resilient systems that reduce vulnerabilities, and they rely heavily on communication and public awareness to mitigate cyber and health risks, especially during outbreaks or hacks.

 

Cybersecurity today, much like Public Health in the 19th and early 20th centuries, faces challenges in measuring and improving outcomes at a population level, and lacks a comprehensive framework to measure its effectiveness at a large scale. While we know the risks and threats — ranging from data breaches to cyberattacks — there are still many unknowns. For example, how much would investing in antivirus software reduce successful attacks? Or what is the actual impact of cybersecurity measures on preventing breaches?

 

CCC recently released a CRA Quadrennial Paper on this topic, titled Lessons for Cybersecurity from the American Public Health System, authored by Adam Shostack (University of Washington), L. Jean Camp (Indiana University), Yi Ting Chua (University of Tulsa), Josiah Dykstra (Trail of Bits), Brian LaMacchia (FARCASTER Consulting Group), and Daniel Lopresti (Lehigh University). In this paper, the authors advocate for building a “Cybersecurity Public Health” (CPH) framework to systematically collect cybersecurity data, evaluate outcomes, and coordinate efforts between government and private sectors. Just as the CDC tracks disease outbreaks, America needs national institutions dedicated to tracking and responding to cybersecurity threats. Below, we outline many of the major recommendations from this Quadrennial Paper.

Recommendations for Advancing Cybersecurity Public Health (CPH)

 

    • Establish a Bureau of Cyber Public Health Statistics
      A government agency should be created to measure the cybersecurity health of the nation (similar to how the CDC does this for public health). This would identify gaps in current knowledge and facilitate research.

 

    • Federal Coordination and Framework Development
      The Federal Government should coordinate cybersecurity efforts across sectors by incorporating CPH principles into the National Cybersecurity Strategy and developing a National CPH Framework.

 

    • Create a National Cybersecurity Data Repository
      A centralized, secure repository of cybersecurity data would help accelerate research and innovation. This data-sharing initiative would enable better analysis and inform decision-making across sectors.

 

    • Develop Reporting Standards
      Just as disease outbreaks are reported in public health, cybersecurity incidents should be reported consistently and with a focus on long-term learning, rather than immediate threats alone.

 

    • Invest in Cybersecurity Research
      Federal funding should be allocated to support research that investigates the effectiveness of cybersecurity measures, including stress tests of critical infrastructure and collaboration with the private sector.

The Path Forward

 

The recommendations outlined in this Quadrennial Paper point toward a future where cybersecurity is approached with the same level of rigor and national coordination as public health, ensuring that the nation’s digital infrastructure remains resilient and secure. By investing in research, establishing clear reporting standards, and fostering collaboration across sectors, we can build a cybersecurity public health system that not only tracks and responds to threats but also improves long-term outcomes for the digital age. 

 

To learn more about the authors’ argument for establishing a Cybersecurity Public Health framework and their recommendations for achieving this, read the full CRA Quadrennial Paper, Lessons for Cybersecurity from the American Public Health System, on our website. If you are especially interested in our nation’s approach to cybersecurity, we encourage you to share this paper with your networks.

 

The CCC has released 6 Quadrennial Papers as part of the CRA’s 2024-2025 Quadrennial Papers Series. See the full list of CRA Quadrennial Papers here, and please share these papers with your colleagues!

 
