Cyber-infrastructure, Cyber-policies

How should we approach the development of cyber-policy and -infrastructure given the “short arm” of predictive knowledge?

The development of cyber-policies and cyber-infrastructures face the challenge that technology is constantly evolving at a fast pace. In many instances, technology has evolved beyond the scope of many laws, and legislatures are struggling to catch up to the current technological environment. So how do those who create the policies and infrastructure approach the task of planning for future risks that have not been thought of yet? Cyber attacks are a constant threat, and companies must accept the fact the reality is not if you are attacked, but when the attack will occur. Cyber policies attempt to protect the infrastructure and data companies are responsible for, by either lowering the risk to those systems or preventing as many types of attacks as they can.

Cyber policy creation begins with identifying and understanding stakeholder protection needs and security concerns, working within budgetary constraints and physical constraints. Identifying every type of technology that will be used and ensuring the software used is kept up to date and patched in order to keep it as secure as possible. All updates and patches must first be tested for compatibility with the current system-wide software prior to rolling the updates to the end users. Frequent backups of systems need to occur to help reduce any downtime should an attack occur. Continued cyber security education of employees will help reduce the risk to a company from falling victim to social engineering attacks. The main intent of basic cyber policies are to help plan and prevent known cyber-attacks from being successful, while also staying flexible enough to allow for updates to the policies and procedures as new vulnerabilities and attack methods are discovered.