Developing Mandatory Reporting for Cyber-Attacks on U.S. Businesses


  • Baylor Franck DoD
  • Dr. Reith AFIT/DoD



Cyber, DoD, Policy, Business


The goal of this paper is to argue for the mandatory reporting of cyber-attacks on critical U.S. infrastructure, industries, and companies to the Department of Defense (DoD) for the DoD to improve national security through a clearer understanding of the threats and how to position the U.S. for better defense. The paper will first discuss who will be subject to mandatory reporting and propose a template for the requirements of reporting such as the turnaround time to report and the details needed from the attack. The paper will provide an argument showing the benefit to the DoD requiring reporting and why it should be concerned about external cyber-attacks on non-DoD systems. The paper will then look on the private sector viewpoints to discuss the benefits of mandatory reporting such as the bottom line and brand awareness. Additionally, the paper will also discuss how the consumer will benefit from mandatory reporting with a focus on both financial and privacy issues. Lastly, the paper will address some key points of dissent on the topic of mandatory reporting as well some evidence to push back or show how the negatives of not reporting outweighs the negative of reporting. After reading the paper, the reader will have a better picture of the current status of cyber-attacks on the private sector, how these attacks effect the DoD’s mission, and why mandatory reporting can help enhance private sector cybersecurity. More research is needed to better understand the legal argument for requiring reporting on cyber-attacks as well as economic incentives for compliance, however this paper is not intending to answer that argument given the authors do not come from the legal or economic disciplines.

Author Biography

Dr. Reith, AFIT/DoD

Dr. Mark G. Reith

Mark G. Reith received the B.S. degree in Computer Science from the University of Portland, Portland, OR, USA, in 1999, the M.S. degree in Computer Science from the Air Force Institute of Technology, Wright-Patterson Air Force Base, OH, USA, in 2003, and the Ph.D. degree in Computer Science from the University of Texas at San Antonio, San Antonio, TX, USA, in 2009. He currently serves as an Assistant Professor of Computer Science with the Department of Electrical and Computer Engineering.  He served 20 years in the Air Force, culminating as the Director of the Center for Cyberspace Research. His current research interests are cyber warfare theory & practice, Agile software engineering & modeling, engineering security into software, software exploitation, reverse engineering, malicious code detection & counter technologies, and artificial intelligence.