Cybersecurity and National Policy

Dan Geer recently published the article Cybersecurity and National Policy in the Harvard Security Journal. He outlines his views of the state of cybersecurity and makes some fascinating observations. For those of you who aren’t familiar with him, just googlehis name for more information.

Here are some snippets:

“I currently define security as the absence of unmitigatable surprise.”

“To set the rest of what I am going to say on the bedrock of its foundation, the United States’s ability to project power depends on information technology, and, as such, cyber insecurity is the paramount national security risk.  This point bears repetition: because the United States’s ability to project power depends on information technology, cyber insecurity is the paramount national security risk.

Those with either an engineering or management background are aware that one cannot optimize everything at once — that requirements are balanced by constraints.  I am not aware of another domain where this is as true as it is in cybersecurity and the question of a policy response to cyber insecurity at the national level.  In engineering, this is said as “Fast, Cheap, Reliable: Choose Two”.  In the public policy arena, we must first remember the definition of a free country: a place where that which is not forbidden is permitted.  As we consider the pursuit of cybersecurity, we will return to that idea time and time again; I believe that we are now faced with “Freedom, Security, Convenience: Choose Two”.”

Advertisements

~ by peterguerra on April 17, 2010.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

 
%d bloggers like this: