Our two previous posts on the Lawfare Blog addressed a series of questions. In our first post, we offered an overview of the current ecosystem of prediction markets and crowd-forecasting platforms, and asked if they might generate useful information for the benefit of government and industry decisionmakers. We concluded there that the answer is most likely yes: while nascent, the science of crowd-forecasting is growing. In a world of increasing uncertainty, the opportunity to more accurately make predictions about future events, explore causality and compare expectations with reality is ever more alluring.
In our second post, we explored the specific ways in which relevant trends in cyber insecurity and vulnerability might be predicted through the tools of crowd forecasting. We offered a rationale for our belief that a cybersecurity-specific platform could be valuable to cybersecurity, and explained how the types of questions asked of the platform could maximize its utility.
In this policy paper, we move from the theoretical to the practical. It is our goal to explain how a cybersecurity crowd-forecasting platform might work, and to make several key decisions to structure it. Essentially, this paper offers a series of answers to our third and final question: what would a cybersecurity-specific crowd-forecasting platform look like, and what might it tell us?