The technology/information age has significantly changed and enhanced collaboration by virtually connecting everyone through a digital medium, thereby removing borders and boundaries that disconnect the physical world. It has also placed information, regardless of validity, at the fingertips of every connected user. Finally, according to Moore’s Law, the advancement of computer technology continues to double the computing power every two years through a continually evolving integrated circuit chip. This ability to leverage this advanced computing power, collaborate with the world, and share information has launched the world into a new age accelerating modern advancement of technology. With increased power comes increased danger, as people exploit these same advantages for adverse reasons. As life has evolved through man’s first use of tools, society and its underlying morals and ethics have adapted over time. The challenge in the current era is that the power and dangers of technology move at a lightning-fast speed, that limits society’s capability adapt not only morally and ethically, but legally. This “short-arm” of predictive knowledge makes it very difficult to establish cyber policy and -infrastructure that is not antiquated or insufficient on inception.

In order to keep up with a continuously moving target, several considerations must be made with respect to timeliness, flexibility, agility, and politics when establishing cyber policy. With the rapid evolution of technology, “bad actors” continually find ways to exploit technology in new and innovative ways to facilitate fraud and other abuses. Policy that gets tied up in bureaucracy cannot protect people and information, and infrastructure from inherent dangers as it delays adoption and reduces its overall worth. Part of the challenge with rapid implementation of policy is through its inflexibility that does not allow for course corrections. Policy development must be agile enough to rapidly adjust if it is to keep up with rapid technological changes. Of great importance, cyber policy must be established independent of politics that serve to polarize decision and convolute policy and subsequent decision making. Politically polarizing arguments delay implementation of uniform policy that is continually at risk of becoming insignificant.

Finally, risk identification and mitigation must be used to prioritize the establishment of cyber policy and -infrastructure. The costs associated with incorporating cyber strategy and subsequent policy are not only expensive but can have a short shelf life. Cyber risk cannot be eliminated; hence the cost curve to mitigate risk exponentially increases based on increased level of cybersecurity associated with risk mitigation. Ultimately, 100% secure is not obtainable, so a risk assessment that considers value is the only way to remain fiscally responsible.