Tell Congress to Use the CRA to Save Net NeutralityLearn More About the CRA
Click here to download Securing the Modern Economy: Transforming Cybersecurity Through Sustainability.
Constant cyber hacks and distributed denial-of-service (DDoS) attacks have unfortunately become the new normal in today’s internet-connected society. We’re not even a third of the way through 2018, and already dozens of data breaches and attacks have occurred, including hackers recently stealing information associated with nearly 900,000 credit cards used by Orbitz customers and more than 5 million credit and debit cards used at Saks Fifth Avenue, Saks Off Fifth, and Lord & Taylor stores. This unrelenting onslaught has significantly eroded consumer trust in the broad ecosystem of information and communications technologies (ICTs). The growing distrust risks a calamity of public confidence that could undermine both our economy and democracy, creating a ticking time bomb.
Traditional approaches to cybersecurity have proved inadequate in solving the problem -- and have in many ways been the cause of the problem. Enter “sustainability cybersecurity,” an approach in which stakeholders’ interactions with the ICT ecosystem are understood and deliberate, and where each participant understands its responsibility as a steward to respect and protect the ecosystem to preserve its future use. “Securing the Modern Economy: Transforming Cybersecurity Through Sustainability,” a new white paper by Public Knowledge’s Cybersecurity Policy Director Megan Stifel, explains this proposed solution in depth -- and includes a list of priority actions each stakeholder group can take to collectively improve cybersecurity.
How Did We Get Here?
Today’s economy runs on data, and for too long a primary focus has been on connecting and collecting it without appropriate concern for protecting it. As the paper explains, a number of factors have contributed to the present state. First, inadequate education and training – such as teaching information security in only narrow fields, if any – have contributed to poor hardware and software design and development procedures and weak network architecture and protection. Next, business decisions to be first-to-market rather than secure-to-market have flooded the marketplace with products suffering from known vulnerabilities and little or no updatability. Finally, consumers have made choices with insufficient knowledge and understanding of product and service security and privacy features, forcing them to bear too much responsibility for the security of their data and the devices that generate it.
What Can We Learn From Sustainability Management?
Sustainability management acknowledges roles for a range of stakeholders and recognizes the need to manage and engage today in order to ensure the same or better opportunities tomorrow. The field teaches business leaders to manage their organization’s waste, use of energy, water, and other raw materials to ensure sustainability through supply chains, and to be aware of the financial risks posed by environmental accidents, pollution, and climate change. Many elements of sustainability management are particularly relevant to cybersecurity, as the paper explains. We’ve seen that adopting sustainable policies can add to a company’s bottom line, and this is also the case for implementing cybersecurity best practices. In fact, existing sustainability processes and policies likely provide a foundation upon which to incorporate and scale enhanced approaches to cybersecurity.
A Threat to the Digital Economy
Beyond profitability, organizations should begin to frame their cybersecurity activities with a sustainability lens for several reasons. ICTs underpin almost every modern day transaction, from the delivery of electricity and water to banking, shopping, manufacturing, and correspondence. Organizations develop, transmit, and have access to vast amounts of information, including very sensitive data in the form of proprietary and personally identifiable information.
As is increasingly apparent, failure to ensure the confidentiality, integrity, authenticity, or availability of aspects of this information can result in critical failures for associated and unrelated information, devices, and actions. These failures risk reputation, income, assets, and the very longevity of the managing businesses -- and can threaten the ICTs themselves. Furthermore, failure to address ICT security challenges throughout the ecosystem may cost emerging digital economies the opportunity to see the true economic and social benefits these technologies can bring.
Americans have exceedingly low levels of confidence in the privacy and security of the records that are maintained by a variety of institutions in the digital age. As this paper makes clear, incorporating elements of sustainability management into cybersecurity will help reframe perceptions of cybersecurity from fear, uncertainty, and doubt to a more engaging mindset of opportunity, transformation, and dynamism. This shift will in turn lead to improved cybersecurity practices by all stakeholders and ultimately a more secure, resilient, and enduring ecosystem to support the modern economy.