The Academy’s Cyber Risk Task Force responded to the U.S. Treasury Department’s questions about the applicability of the Terrorism Risk Insurance Act (TRIA) to cyber-attacks that aim at targets outside the U.S. but cause insured losses in the U.S. The task force also noted the potential difficulty of meeting TRIA’s requirement for an official finding that the source of an attack was a non-governmental terrorist organization.