Stanford’s Dempsey pushes for reorienting debate over cyber regulation toward measurable outcomes

Stanford Cyber Policy Center senior policy advisor Jim Dempsey is urging policymakers to move beyond a fixation on “performance-based” approaches to cybersecurity regulation and instead pursue “hybrid” approaches that produce measurable outcomes.

“It’s time for cybersecurity regulators to break away from the prescriptive versus performance-based dichotomy. Instead, they need to draw upon all the modes of regulation available, considering sector-by-sector the nature of the threats, the characteristics of the industry, and the capabilities of the sector-specific regulator,” Dempsey writes in...