Jonas’ “short arm” is the gap between our ability to predict accurately long-term outcomes of complex technical systems and modern society’s willingness to accept that we can’t accurately predict the future. When applied to cyber-policy and cyber-infrastructure, Jonas’ short arm suggests that we will never know exactly how our policy decisions today will impact cyber risk, social behavior, or technological systems tomorrow.

Policies built with this philosophy in mind will focus on short-term flexibility instead of long-term confidence in our cyber-systems. For example, we should never design or build cyber-systems with the confidence that we can anticipate all future threats. Whether it’s AI-based attacks, dodgy suppliers, or zero-day software vulnerabilities, cyber threats will always arise that we cannot predict.

This precautionary principle should extend to cyber policy as well. If there is a chance of serious or irreversible harm to cyber systems, we should build a policy that takes precautions regardless of scientific certainty. Jonas’ short arm also calls for cyber policy to be continuously revisited and revised. No one has a monopoly on predicting cyber outcomes; engineers, legislators, ethical theorists, and security professionals should all be weighing in on how cyber systems should operate. The short arm of predictive knowledge can never be fully extended, but there are cyber policy approaches that can help us manage cyber systems responsibly despite not being able to see into the future. Cyber systems should be designed to adapt to unknown threats, withstand attacks, and learn from mistakes.