What
relevant additions you would make to cyber security policy and
provide reasoning?
The
first addition I would like to make to cyber security policy would be
decreasing the relevant amount of time it takes to instill policy
change. Defense acquisition is a slow procedure, and when
creating new tools or programs for cyber security, you need to be on
the cutting edge, not years, or even months behind the times.
By fast tracking the purchasing of cyber-security technology, we can
maintain our defensive edge.
The second addition to cyber security policy I would recommend is the preservation of an open and neutral internet. By allowing ISPs to block content, or create internet “fast lanes” we inadvertently foster a chilling effect that retards the development of new internet based technology. While, arguably, this could also slow down the actions of malicious actors, the more likely scenario is the more widespread adoption of the dark web, where nefarious traffic will be even harder to track, and, as otherwise well meaning and law abiding citizens shy away from a “pay-to-play” internet, these actions will turn potential white hat hackers to the black.