Journal Free Write #14

Cybersecurity for the Future
In the past, in a less technologically advanced time, our actions had predictable consequences. In doctor’s offices or hospitals, patient records were just pieces of paper stored in filing cabinets that could be copied and sent to another office if needed. Enter the computer, and now those records are digital, infinitely accessible to anyone with the clearance to see them. What are the ramifications of this? Those records will exist long after the patient is gone. Those records, even with the creation of HIPAA, contain enough information to create distinctions that can be used to group people by various demographics. Before the digitization of records, it would not have been feasible to group patients, or just people in general in non-medical terms, by things like income, medical history, etc. on a grand scale. Because of this new ease of grouping on a large scale, it becomes our duty to create the infrastructure and laws that can protect these records and any other information that can be used to group people, if not to protect privacy then to prevent discrimination. Admittedly, this will be difficult. We won’t know all of the advances in technology that will come to pass, and because of this, we need to create an infrastructure and laws that are flexible; they need to be easily adapted to fit whatever changes may come, because otherwise, we’ll just be making Band-Aid solutions every few years. Much like NIST has a Framework that’s a jumping-off point for how a company should conduct its security, we need a framework for future legislation that is flexible enough to be changed to fit new developments in tech, but structured enough that the laws can practically be applied and enforced in the current landscape.
To do this, I believe we need to use broad strokes to define things that exist now – hacking, denial of service, disseminating malware, etc. – create categories that they would fall under, and create steps to determine appropriate punishment for these acts. We then need to continue to monitor the cyber landscape for new threats – new ways to attack, new methods of breaching security – to ensure that as the new threats arise, they can either be filed under an existing category of crime or, if need be, a new category can be created to encompass them and new penalties can be assessed.