How Transparent Should Government Be After a Cyberattack?

"Brian Nussbaum, who is a fellow with New America’s Cybersecurity Initiative and an assistant professor of cybersecurity at the University of Albany, said a balance must be struck between giving citizens necessary info and obscuring the scope of defenses and recovery, noting that “it’s possible to describe in general what’s being done without being specific about what’s being done.”

Sometimes, Nussbaum added, public organizations withhold information not in the name of secrecy, but rather because they are still sorting out “second order effects,” which basically means assessing the problem and understanding the damage. For organizations like government or public health systems, which keep private data subject to regulations, this is paramount."