Lessons for Cybersecurity from the American Public Health System

Adam Shostack (University of Washington); L. Jean Camp (Indiana University); Yi Ting Chua (University of Tulsa); Josiah Dykstra (Trail of Bits); Brian LaMacchia (FARCASTER Consulting Group); Daniel Lopresti (Lehigh University)

arXiv:2506.12257·cs.CR·June 17, 2025

Lessons for Cybersecurity from the American Public Health System

Adam Shostack (University of Washington), L. Jean Camp (Indiana University), Yi Ting Chua (University of Tulsa), Josiah Dykstra (Trail of Bits), Brian LaMacchia (FARCASTER Consulting Group), Daniel Lopresti (Lehigh University)

PDF

Open Access

TL;DR

This paper draws parallels between cybersecurity and public health systems, emphasizing the need for structured data collection, outcome measurement, and coordinated responses to improve cybersecurity resilience.

Contribution

It proposes adopting public health strategies for cybersecurity, highlighting the importance of systematic data collection and coordinated response frameworks.

Findings

01

Public health systems effectively track disease outbreaks.

02

Structured data collection improves response coordination.

03

Applying health system principles can enhance cybersecurity resilience.

Abstract

The United States needs national institutions and frameworks to systematically collect cybersecurity data, measure outcomes, and coordinate responses across government and private sectors, similar to how public health systems track and address disease outbreaks.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsPublic Health Policies and Education · Ethics in Clinical Research · Information and Cyber Security