Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Cybersecurity Is a Social, Policy, and Wicked Problem

published on 2023-06-25 16:17:00 UTC by Richard Bejtlich
Content:

Cybersecurity is a social and policy problem, not a scientific or technical problem. Cybersecurity is also a wicked problem. In a landmark 1973 article, Dilemmas in a General Theory of Planning, urban planners Horst W. J. Rittel and Melvin M. Webber described wicked problems in these terms:

“The search for scientific bases for confronting problems of social policy is bound to fail, because of the nature of these problems. They are ‘wicked’ problems, whereas science has developed to deal with ‘tame’ problems. Policy problems cannot be definitively described. Moreover, in a pluralistic society there is nothing like the undisputable public good; there is no objective definition of equity; policies that respond to social problems cannot be meaningfully correct or false; and it makes no sense to talk about ‘optimal solutions’ to social problems unless severe qualifications are imposed first. Even worse, there are no ‘solutions’ in the sense of definitive and objective answers.”

Other wicked problems include climate change, smuggling, and nuclear weaponry. 

There is no “perfect new normal” because there is no “solution” for cybersecurity. 

To quote Marcus Ranum from the September 2007 issue of Information Security Magazine: “Will the future be more secure? It'll be just as insecure as it possibly can, while still continuing to function. Just like it is today.” 

A report by the Australian government titled Tackling Wicked Problems: A Public Policy Perspective suggests that there are three strategies for mitigating wicked problems: authoritative, competitive, and collaborative. Similarly, cybersecurity will likely require some combination of all three.

In summary, my modest new normal is this: anyone commenting on cybersecurity will recognize that it is a wicked problem that cannot be “solved,” but it may be mitigated, over decades, using expertise and approaches from multiple disciplines, least among them technical acumen.

If pressed to provide a technical element of the new normal, I offer “building visibility in” as one tenet. Asset owners need to understand how their digital resources are used and abused, and anyone providing computing resources should include the logging and access needed to do so.

* I found this note dated 1 June 2020 on my hard drive and decided to publish it today.

Article: Cybersecurity Is a Social, Policy, and Wicked Problem - published over 1 year ago.

https://taosecurity.blogspot.com/2023/06/cybersecurity-is-social-policy-and.html   
Published: 2023 06 25 16:17:00
Received: 2023 06 25 16:22:00
Feed: TaoSecurity
Source: TaoSecurity
Category: Cyber Security
Topic: Cyber Security
Views: 2

Custom HTML Block

Click to Open Code Editor