First it will be helpful to set the relationship between the terms in this discussion, cyber-policy, infrastructure and predictive knowledge. It’s a fact that law and policies are crafted from fully, examined, researched, theorized knowledge of a study. Then those crafted policies are implemented in shaping and designing the infrastructure of cyberspace. Or on the other hand, infrastructure can also be studied and researched to amend national policies on cyber-space.

    Now the “short arm” of predicted knowledge on our case, cyber-space is huge. Every day tons of software and hardware technologies, devices, information processing and producing complex innovation are constantly being created. This constantly ever changing, cyber environment is what constrains the predictability and expectation of knowing what potentially is out there. The vastness and complexity of technology is one reason which limits the predictive knowledge. Technological advances being fast and relatively new (only few decades) invention is also another point which restricts policy design because of shortage of enough understanding and inadequate knowledge of the industry.

     Given the ‘short arm’ of predictability knowledge, development of cyber policies only depending on predictable knowledge should not be the solution. Applying educated or well analyzed predictable knowledge in combination to other means of policy designs can be ideal in applying it proactively as supposed to reactive. If the reasonable predictive knowledge can help the proactive side of policy design, measures like the national institute of standards and technology, NIST cyber security framework can hold the reactive side of the policy. Even though predictable knowledge can be helpful, I think policies should be approached mainly depend on practical measures like the five NIST Cybersecurity measures, identifying so to manage risk, protect to safeguard critical infrastructure, detect for any cyber security ongoing incident, respond by taking an action on detected Cybersecurity incident, and recover by restoring and planning in implementing resilient infrastructures.