Information-Sharing Policy and Cybersecurity

Security through obscurity is dead–government and industry increasingly realize that soliciting and sharing information about security vulnerabilities and hacks is a vital part of building a more secure cyber ecosystem. How and when these disclosures take place, as well as to whom they are made, have impacts on the market forces shaping cybersecurity and on the broader cyber risk landscape. And, the ways in which organizations, including government, respond to incidents and take lessons away shape their cyber future.


The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

Incidents, Vulnerabilities, and Information Sharing

Thu, Feb 8, 2024

Future-Proofing the Cyber Safety Review Board

The Cyber Safety Review Board seeks to examine and learn from complex failures in cyberspace. As Congress considers how to design its next iteration, there are ways to make it more effective and adaptable for the increasing challenges to come.

by Maia Hamin, Alphaeus Hanson, Trey Herr, Stewart Scott

Cybersecurity Incidents, Vulnerabilities, and Information Sharing

Wed, Jun 14, 2023

Who’s Afraid of the SEC?

The SEC wants to require fast, public disclosure of cybersecurity incidents. These rules could benefit investors—and the cyber ecosystem.

by Maia Hamin

Cybersecurity Incidents, Vulnerabilities, and Information Sharing