In his keynote last year at the Black Hat USA conference, Dan Geer proposed 10 policy recommendations he thinks will make the digital world a much safer one. Here’s a much-condensed version of his ideas.

Mandatory reporting for cybersecurity failures: Geer argues that organizations should be legally required to report failures above a certain level of severity.

Two net neutrality options: Geer proposes that ISPs either charge whatever price they like based on the content they carry and assume liability for any damage that content causes; or charge only for carrying the content and be free from liability, but give up the right to inspect or alter the content.

Require software liability: Software should be covered by product liability, Geer says. Software companies should make their product code open-source, so customers can tweak bits they don’t want to use, or else they must assume liability for any damages it causes.

Strikebacks OK: When necessary, companies, individuals and governments should strike back against cyber attackers with counterattacks or campaigns to identify the target. Geer says smaller agencies will often need to share resources because they are not powerful enough to pull it off on their own.

Build resiliency into embedded systems: Computer systems that are embedded in larger systems should be designed so that people can shut them down remotely. Geer says if they don’t have remote management, they should at least have the ability to self-terminate after a set period of time.

Corner the world vulnerability market: Geer believes the U.S. should buy (from hackers) and disclose all “zero-day” vulnerabilities (unknown holes in software) to wipe out the world’s supply of cyber weapons.

Make the “right to be forgotten” possible: The EU’s “right to be forgotten” doesn’t go far enough, according to Geer. He believes people should also have the ability to misrepresent themselves online to confound surveillance systems.

No Internet voting: Geer says online voting is a bad idea because the process and results are especially vulnerable to manipulation.

Open source abandoned software: When software companies stop releasing updates for code, they should be required to make it open-source so that others can patch and update it.

Create off-the-grid backup: As networks from municipal electric grids to government databases increasingly rely on the Internet, they become more vulnerable to cyber attacks. Geer says we need to design ways for these systems to operate in the absence of the Internet.
