Framework for Exploring Cybersecurity Policy Options

Description

"Today's cyber environment presents unlimited opportunities for innovation, interaction, commerce, and creativity, but these benefits also bring serious security challenges. Satisfactory solutions will require building partnerships among public and private organizations, establishing mechanisms and incentives to foster routine information sharing and collective defense, and educating users about their role in thwarting increasingly sophisticated attacks. With a grant from the William and Flora Hewlett Foundation's Cyber Initiative, RAND developed and conducted two cybersecurity-focused discovery games in Washington, D.C., and California's Silicon Valley that aimed to capture the widest possible range of stakeholder perspectives. Participants represented the tech sector, government agencies, think tanks and academic institutions, advocacy organizations promoting civil liberties and privacy, technology users, and more. The goals were to explore opportunities for improving cybersecurity, assess the implications of possible solutions, and develop an initial framework to support debate and inform decisions regarding cybersecurity policies and practices. The games were structured around two plausible cybersecurity scenarios set in the near future. In the first scenario, malicious actors have exploited vulnerabilities in the Internet of Things, causing both virtual and physical harm; in the second, massive data breaches have compromised the financial system, including authentication processes. Participants debated dimensions of each problem in multidisciplinary teams, then shared potential solutions and strategies in a large-group setting. The format and findings of the exercises offer insights that can help guide holistic approaches to addressing future cybersecurity challenges"--Publisher's description.

Subjects