Friday, October 28, 2011

Cyberthreats and the Limits of Bureaucratic Control

This is another fyi-type post (or maybe a self-promotion type post) about a new article of mine.

This one is entitled Cyberthreats and the Limits of Bureaucratic Control and it will be published this spring by the University of Pittsburgh's Journal of Law, Technology & Policy. It's a very long article, the subject-matter of which is described in the abstract I'm inserting below.

If the article sounds interesting, you can access the final draft on SSRN.

This article argues that the approach the United States, like other countries, uses to control threats in real-space is ill-suited for controlling cyberthreats, i.e., cybercrime, cyberterrorism and cyberwar. It explains that because this approach evolved to deal with threat activity in a physical environment, it is predicated on a bureaucratically organized response structure. It explains why this is not an effective way of approaching cyber-threat control and examines the two federal initiatives that are intended to improve the U.S. cybersecurity: legislative proposals put forward by four U.S. Senators and by the White House; and the military’s development of six distinct Cyber Commands.

The article explains why each of these efforts is flawed and why U.S. authorities persist in pursuing antiquated strategies that cannot provide an effective cyberthreats defense system. It argues that the continuing reliance bureaucratically structured response systems is the product of the fallacy of inevitability, i.e., the recursive reliance on established institutional models. And it outlines an alternative approach to the task of protecting the country from cyberthreats, and approach that is predicated on older, more fluid threat control strategies.

No comments: