Jayshree Pandya
Introduction
The human-made digital ecosystem, cyberspace, has fundamentally changed everything across nations. Cyberspace is defining the very nature of security and prosperity each individual and entity across nation: its government, industries, organizations, and academia (NGIOA) can have. How any nation and all its components inhabit the digital world and respond to its opportunities and risks will define and determine its coming tomorrow.
Today, all components of an NGIOA rely on computer-driven and interconnected information technologies and systems of the digital world. Cyberspace has already become an inseparable component of a nation’s systems, whether they be financial, social, economic, government, transportation, security, or way of life. While our ideal vision of the digital world is interoperable, reliable, and secure, the vulnerability of the fragile digital ecosystem necessitates a hybrid multi-pronged (digital, analog, discrete, and quantum) approach to securing the human cyberspace, aquaspace, geospace, and space (CAGS) information ecosystem.
As seen, computers are digital, as are computational models. Furthermore, information is now mostly stored and processed in digital format. The shift from analog to digital seems to be almost complete as well. However, the question then is whether digital storage and digital processing of information flows and systems is the right way to go, especially when the future seems to be moving towards distributed, decentralized economies where analog appears to be centered.
Now a digital information system, in itself, is not a bad idea if security was at the core of the human-made digital world. DNA, for instance, also stores and processes information in digital format. However, human life as we know it has information processing in both digital and analog forms. Moreover, it seems the universe is analog, and everything nature has built-in our ecosystem is analog. Considering our need for information flows is discrete, should we not have a balanced discrete approach to information flow storage and security?
Moreover, identifying, protecting, and ensuring the resilience of CAGS networks, systems, information, functions, and data has become of paramount importance. Since securing cyberspace is a survival necessity, especially when it is emerging as a primary “domain” of warfare, there is a need for a multi-pronged approach to ensure information flow security: digital, analog, discrete and quantum. That brings us to an important question: what do nation’s consider a cyberspace information system? What is the current approach to information storage and security in cyberspace?
Acknowledging this emerging reality, Risk Group initiated a much-needed discussion on Cyber Policy with Dr. O. Shawn Cupp on Risk Roundup.
Disclosure: I am the CEO of Risk Group LLC.
Risk Group discusses Cyber Policy with Dr. O. Shawn Cupp, Professor at US Army based in the United States.
Cyber Policy
Today, cyberspace is a contested common along with aquaspace, geospace, and space, and its use as a battleground to wage war is rapidly intensifying. Cyberspace seems to be evolving faster than a policymaker’s ability to handle the transformative changes brought on by technology.
Keeping up with the rapidly growing complexity of the raging war in cyberspace is a challenge facing not only a nation’s military but also the individuals and entities across an NGIOA, including the policy community. So,
● How do nations keep up?
● How should NGIOAs respond to the complex security, legal, and policy challenges of cyberspace and due to cyberspace in aquaspace, geospace, and space?
● How should NGIOAs ensure information flow and storage security?
● How should NGIOAs develop a theoretical and doctrinal legal and policy infrastructure capable of integrating transformative technologies from CAGS?
Protecting Assets
Today everyone, individuals and entities across NGIOA, needs to define protection mechanisms for their valuable information assets in CAGS along with its infrastructure, data, systems, and anything that is connected to the cyberspace. Defining, designing, and developing CAGS information security controls, mechanisms, and processes is a survival need today. It is therefore essential to define and design appropriate security policy to give us doctrine to provide measurable goals for cyber security controls and response. Since cyberspace security is an interconnected, integrated problem, cyber policy should also apply uniformly to entire nations (including all its components). The cyber policy, therefore, must be defined, described, and documented in clear terms for individuals and entities across NGIOA for the digital infrastructure, hardware, software, information systems, and more.
While cyberspace continues to grow in complexity, scale, and scope, the evolving cybersecurity vulnerabilities and its integration with aquaspace, geospace, and space put everything and everyone at risk. The more a nation depends on cyberspace, the higher the need to clearly define security procedures, protocols, and policies. Developing a cyber strategy needs to be a collective NGIOA effort as any cyber-attack has a strategic security impact for not only the entity under attack but all interconnected components of a nation.
What Next?
Cyberspace is growing at a tremendous pace and is becoming the new preferred ecosystem for the digital inhabitation of individuals and entities across NGIOA. Understandably, it is creating complex legal and policy challenges that have far-reaching consequences. It is time we collectively begin a discussion on what does the integrated information systems of cyberspace mean for cyber law, cyber security, and policy?
The time is now to understand the dangers of universal access to information and discuss and debate the policy towards the right balance of discrete, digital, analog, or quantum for information storage, processing, and security.