Redefining Cybersecurity Policy

18 Pages. Posted: 8 Sep 2016. Last revised: 19 Oct 2016


David Thaw

University of Pittsburgh - School of Law; University of Pittsburgh - School of Information Sciences; Yale University - Information Society Project; University of Pittsburgh - Graduate School of Public & International Affairs; National Defense University - College of Information and Cyberspace

Date Written: September 5, 2016

Abstract

Cybersecurity policy currently views security as an exercise in risk prevention. Questions such as "how do we stop attackers" pervade the discourse both in technical cybersecurity planning and legal and organizational policymaking. This view of security – which departs from centuries of accepted practices in other areas of security – is beneficial to exactly one group: attackers.

This is an extremely rough draft of what will become a book proposal I tentatively am calling "Redefining Cybersecurity." The central thesis is about cybersecurity policymaking and the technical practices those policies drive "on the ground." It argues that those policies drive these practices toward risk "prevention" styles of management when cybersecurity practice is more effective as risk management exercises (for efficiency, efficacy, and possibly normative reasons).

What follows is a draft table of contents of the book project, and an early working draft of a chapter which focuses the thesis above. This draft chapter, Redefining Cybersecurity Policy, attempts to articulate much of the argument of the larger book. This work follows on from my PLSC paper in 2015, Cybersecurity Stovepiping, which provides an example case study of the failure of rigid risk prevention-based policymaking.

Suggested Citation

Thaw, David, Redefining Cybersecurity Policy (September 5, 2016). U. of Pittsburgh Legal Studies Research Paper No. 2016-30, Available at SSRN: https://ssrn.com/abstract=2835126 or http://dx.doi.org/10.2139/ssrn.2835126

David Thaw (Contact Author)

University of Pittsburgh - School of Law

3900 Forbes Ave.
Pittsburgh, PA 15260
United States

HOME PAGE: http://www.davidthaw.com

University of Pittsburgh - School of Information Sciences

Pittsburgh, PA 15260
United States

Yale University - Information Society Project

P.O. Box 208215
New Haven, CT 06520-8215
United States

University of Pittsburgh - Graduate School of Public & International Affairs

Pittsburgh, PA 15260-0001
United States

National Defense University - College of Information and Cyberspace

300 5th Ave
Ft McNair
Washington, DC 20319
United States
