How should we approach the development of cyber-policy and infrastructure given the “short arm” of predictive knowledge?

Developing new cyber-policy and infrastructure in a fast-paced technical world is difficult. This is because predicting potential cyber threats and vulnerabilities is also very difficult. In most cases, cyber professionals, or really any organization, only realize some of their risks close in time to when they were already exposed or about to be. In the article, “Technology and Responsibility: Reflections On The New Tasks of Ethics,” by Hans Jonas, he describes the nature of the “short arm” of predictive knowledge. He states, “The good or bad of the action is wholly decided within that short-term context. No one was held responsible for the unintended later effects of his well-intentioned, well-considered, and well-performed act. The short arm of human power did not call for a long arm of predictive knowledge; the shortness of the one is as little culpable as that of the other.” This is essentially saying that we as humans only can know so much in advance. This applies heavily to cybersecurity, due to technology changing every single day. In order to approach the development of cyber-policy and infrastructure, we have to look at it through multiple systems. We must figure out what risks are the highest and what could possibly result in direr consequences. One way to do this to consider what problems we are facing in the current time and using trends of the past to try and predict what will happen or what is most likely to happen. However, this obviously will not work all of the time, due to the nature of technology. Individuals tasked with creating cyber-policy must ensure that they are focused on the current times and try their best to predict a little into the future. An example of this is some of the bug bounty programs. Different organizations realized they could find more instances of vulnerabilities with hiring more help from others outside of the organization. There are a lot of policies around these types of programs and still in consideration. Cyber policy makers must consider what is best for today and also what will assist us tomorrow, and so on.