The Computer Science and Telecommunications Board (CSTB) released a new National Academies report, At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues. As we as a nation become more dependent on information and information technology, cybersecurity is becoming increasingly important. The report highlights 6 key findings about cybersecurity and public policy:
- Cybersecurity is a never-ending battle, and a permanently decisive solution to the problem will not be found in the forseeable future.
- Improvements to the cybersecurity posture of individuals, firms, government agencies, and the nation have considerable value in reducing the loss and damage that may be associated with cybersecurity breachers.
- Improvements to cybersecurity call for two distinct kinds of activity: efforts to more effectively and more widely use what is known about improving cybersecurity, and efforts to develop new knowledge about cybersecurity.
- Publicly available information and policy actions to date have been insufficient to motivate an adequate sense of urgency and ownership of cybersecurity problems afflicting the United States as a nation.
- Cybersecurity is important to the nation, but the United States has other interests as well, some of which conflict with the imperatives of cybersecurity. Tradeoffs are inevitable and will have to be accepted through the nation’s political and policy-making processes.
- The use of offensive operations in cyberspace as an instrument to advance U.S. interests raises many important technical, legal, and policy questions that have yet to be aired publicly by the U.S. government.
To learn more, read the full report, available from the CSTB here or watch this short video explaining the key findings.