How should we approach the development of cyber-policy and -infrastructure given the “short arm” of predictive knowledge?
The short arm of predictive knowledge is the ability to possess the information to forecast a behavior in short order. The ability to have the knowledge to foresee a particular behavior usually originates from historical information, like the cause and effect of such acts. For instance, the “I Love You” virus that was released in 2000 was not known to the world until it started infecting personal computers. Until this nefarious act was released; the event could not have been foretold because it is hard to forecast a criminal’s intention and even more challenging to speculate how the attack unfolds.
Cybersecurity policy is a document which contains general guidelines that explain how to perform actions based on specific circumstances. For instance, because the “I Love You” virus is released through an executable email attachment, the policy would have a section that warns employees from opening attachments from unfamiliar senders. When approaching the development of cyber-policies and infrastructure it should begin by first constructing around the knowledge of past attacks. This would better assist the shoring up of system infrastructure from executing past nefarious behavior witnessed. After understanding and implementing steps to counter past incidents the policies should be continually updated on a regular basis, never stay stagnant, and be flexible. Because technology is advancing so hastily that it is difficult for anyone, or any organization, to completely understand and implement successful defenses to curtail cyber-attacks on their systems. Technological advances also suggest that the criminals’ procedures will also morph alongside it. Another thing to think about is that criminals will additionally change the way they operate when their procedures are uncovered and published to the world. This is the reason cybersecurity policies and infrastructures need to stay adaptable and modernized. Unfortunately, the way cybersecurity is currently performed is more reactive than proactive. So having the ability to predict nefarious behavior will always be complicated and challenging.
References
What is the ILOVEYOU virus and how do you protect against it? (n.d.). SearchSecurity. https://www.techtarget.com/searchsecurity/definition/ILOVEYOU-virus