Download this Paper Open PDF in Browser

Redefining Cybersecurity Policy

18 Pages Posted: 8 Sep 2016 Last revised: 19 Oct 2016

David Thaw

University of Pittsburgh - School of Law; University of Pittsburgh - School of Information Sciences; Yale University - Information Society Project; University of Pittsburgh - Graduate School of Public & International Affairs

Date Written: September 5, 2016

Abstract

Cybersecurity policy currently is views security as an exercise in risk prevention. Questions such as "how do we stop attackers" pervade the discourse both in technical cybersecurity planning and legal and organizational policymaking. This view of security – which departs from centuries of accepted practices in other areas of security – is beneficial to exactly one group: attackers.

This is an extremely rough draft of what will become a book proposal I tentatively am calling "Redefining Cybersecurity." The central thesis is about cybersecurity policymaking and the technical practices those policies drive "on the ground." It argues that those policies drive these practices toward risk "prevention" styles of management when cybersecurity practice is more effective as risk management exercises (for efficiency, efficacy, and possibly normative reasons).

What follows is a draft table of contents of the book project, and an early working draft of a chapter which focuses the thesis above. This draft chapter, Redefining Cybersecurity Policy, attempts to articulate much of the argument of the larger book. This work follows on from my PLSC paper in 2015, Cybersecurity Stovepiping, which provides an example case study of the failure of rigid risk prevention-based policymaking.

Suggested Citation

Thaw, David, Redefining Cybersecurity Policy (September 5, 2016). U. of Pittsburgh Legal Studies Research Paper No. 2016-30. Available at SSRN: https://ssrn.com/abstract=2835126

David Thaw (Contact Author)

University of Pittsburgh - School of Law ( email )

3900 Forbes Ave.
Pittsburgh, PA 15260
United States

HOME PAGE: http://www.davidthaw.com

University of Pittsburgh - School of Information Sciences ( email )

Pittsburgh, PA 15260
United States

Yale University - Information Society Project ( email )

P.O. Box 208215
New Haven, CT 06520-8215
United States

University of Pittsburgh - Graduate School of Public & International Affairs ( email )

Pittsburgh, PA 15260-0001
United States

Paper statistics

Downloads
74
Rank
276,019
Abstract Views
279