Cybersecurity is a huge and growing concern for industry, civil society, and the government officials who must make decisions about new cyber policies to meet evolving threats. How are those policymakers getting the information and analysis they need to make those decisions? The perspectives of industry and government experts are well-represented in those deliberations, but the current supply of research from academia and civil society organizations is not well aligned with policymakers’ needs.

That’s one finding from new research from RTI International commissioned by the Hewlett Foundation’s Cyber Initiative to understand how the cyber policy community can better meet the needs of government officials and inform cyber policy. RTI interviewed 39 current and former government officials in key cyber policymaking roles, and the results suggest that officials do value information and resources produced by researchers, policy experts, and others outside government, but not all members of the cyber policy community are viewed as providing equally useful information.

The full report outlines recommendations for improving cyber policy supply and demand at the federal level, as well as presenting two case studies focused on cyber policymaking at the state level in California and Washington. RTI’s lead researcher on the report, Brent Rowe, and Hewlett Foundation Cyber Initiative Program Officer Eli Sugarman also wrote a blog post with their key takeaways from the report for a national security focused blog, War on the Rocks.