Policymaker Directory
This is a directory for policy-makers interested in learning more about cyber issues. Most of the documents provide different definitions of cyberwar, as well as how the United States (private and public sectors) should secure itself against cyber threats. Reading each of the items included in this directory will provide a well rounded view of how various people and groups want to act upon varying degrees of cyber threats.
Using the glossary on this website will provide definitions to terms that are frequently used among government and military leaders, as well as security experts. It is not a comprehensive list, but a good foundation for common terms used when referring to cyberwar. Also, searching for "definitions" in the search-box will pull up more documents which define certain cyber terms.
The Online Threat: Should we be worried about a cyberwar?:
Seymour Hersh (world renown journalist) writes a comprehensive article and quotes a lot of different officials and experts. He includes people who believe we are fighting a cyberwar today as well as voices of skepticism. This article includes a lot of information and opinions about cyberwar. Since many documents and media articles do not criticize or question how cyberwar is being conceptualized or handled, Hersch's article does a nice job remaining objective in his assessments of how cyberwar is being conceptualized and addressed. Hersh provides a good background about cyberwar issues and uses credible sources.
Understanding Cyber Security Threats:
Jeff Moss, the hacker who started the Black Hat Conference, helps his audience understand cyber security threats, but offers a unique perspective as a hacker. Moss makes an interesting point about a group who may not need or care about having an internet network to attack an adversary, while still using cyber means. As policy makers, Moss' different outlook on cybersecurity is beneficial.
Cyber Conflict: Challenging the Future:
Being a national security and international affairs expert, Franklin Kramer writes about major cyber events (e.g. Stuxnet worm and Wikileaks) from a variety of perspectives. He includes a policymaker's perspective and focuses on policy throughout the document. Kramer's main theme is that policy needs to change.
U.S. Cybersecurity Policy and the Role of U.S. Cybercom:
General Keith Alexander explains the U.S. Cyber Command's plan to implement cybersecurity policy. He emphasizes the need for collaboration between government and private institutions. The command's goal is specifically focused on preventing and diminishing cyber attacks.
Most policies are focused on the United States, but this document expands policy into international territory. It is specifically meant for policymakers to learn more about China's capabilities and use its content as a reference.
Protecting the Digital Economy:
The EastWest Institute hosted the first Worldwide Cybersecurity Summit which brought together leaders of governments, businesses and civil society from around the world to determine new measures to ensure the security of the world’s digital infrastructure. The report compiled from this summit provides a look at how people from across the globe view cyber issues. United States policy undoubtedly will have to take into account the rest of the connected world, so getting a sense of what these global leaders think about cybersecurity, cyberwar and threats now will help in determining how policy may need to change in the future.
Harnessing Small Businesses Innovation for National Security Cyber Needs:
Smaller business owners give testimonies in front of the Subcommittee on Terrorism, Unconventional Threats and Capabilities of the Committee on Armed Services House of Representatives 111th Congress (second session). The subcommittee believes that small businesses are important aspects of the economy and are quicker to innovate than larger corporations. The goal of the committee is to see how small businesses think about cyber issues, what technologies they have implemented to be secure and also to identify systemic barriers to small businesses trying to enter the marketplace. Since it is not common for small business owners to speak in front of the Armed Services, this document provides an insider's look into what policies small businesses owners may want/need in regards to cybersecurity.
Though the Policy Collection is not comprehensive, it does provide current policies for cybersecurity. These policy documents are active, so one can see what improvements can be made for each and/or what has already been suggested.
Reducing Systemic Cybersecurity Risk:
This report is part of a broader OECD (Organization for Economic Co-operation and Development) study into Future Global Shocks. Such shocks include a further failure of the global financial system, large-scale pandemics, escape of toxic substances resulting in wide-spread long-term pollution, and long-term weather or volcanic conditions inhibiting transport links across key intercontinental routes. Interestingly, the authors have concluded that very few single cyber-related events have the capacity to cause a global shock. This is in almost direct contrast to the EastWest Summit findings. However, the OECD report does note that governments need to make detailed preparations to withstand and recover from a wide range of unwanted cyber events, both accidental and deliberate. There are significant and growing risks of localised misery and loss as a result of compromise of computer and telecommunications services. In addition, reliable Internet and other computer facilities are essential in recovering from most other large-scale disasters.
This collection contains alternative opinions from the dominant "cyberwar is a huge threat" voice. Since there is a lot of media hype about the dangers of future cyber threats, being exposed to other viewpoints (from credible sources) is an excellent way of gaining a well-rounded understanding of cyber issues and cybersecurity.
Pending Law and Current Law and Treaties:
Even though policy is not law, policies do have a lot of influence over what does and does not get enacted. By learning about active and pending laws, policies may enhance or contradict what is already in place or in current debate, depending on what one sees is needed.