Short Arm

on

The concept of the “short arm” of prediction reinforces one simple but profound challenge with cyber-policy. It cautions us against believing we can predict how technology will evolve in the future, or what the long-term implications of our actions today may be. Cyber policy and architecture should not attempt to predict the future or develop flawless architectures designed to meet needs years into the future. They should, however, attempt to be adaptable to an unpredictable future.

One way to accomplish this is to start treating policy like software. Write policies in short iterations with regular revisits based on lessons learned, threat landscape, and stakeholder feedback. This allows for fewer outdated policies that leave holes for unforeseen attacks like zero-days and artificially intelligent threats.

Design for resilience should be an operating principle as well. We will not be able to predict all threat actors, so our architecture needs to be able to absorb punches. This involves designing for redundancy, incident response, and public and private partnerships.

Finally, cyber-policy should be principles-based, not suffocating. Privacy, accountability and security-by-design are three principles that endure through changing technology. Accepting that we can’t predict the future enables us to create something that is secure now and in the future.

Leave a Reply

Your email address will not be published. Required fields are marked *