One of the biggest problems facing the U.S. is the fact that there is not much data on the prevalence or scale of cyber attacks. In the private sector, the only attacks that are made public or disclosed to the government are the ones that companies choose to report, which is a much smaller number than what actually occurs on a day-to-day basis. Furthermore, because of a lack of concrete data, cyber threats are hard to anticipate or prepare for. In order to get around these problems, the paper lays out a set of recommendations for the government to put in place, including but not limited to creating an institution that has the sole purpose of monitoring cyber threats to the private sector, and opening up competitions to generate better data models to understand potential threats.
