What if, like public health, cybersecurity were considered a public good?
School of Information Ph.D. student Elaine M. Sedenberg and associate professor Deirdre K. Mulligan address this question in an opinion piece written for the International Risk Governance Center, along with co-author Fred B. Schneider of Cornell University.
The authors argue that establishing cybersecurity as a public good would create the much needed overarching policy principle to define objectives and means, to bring cohesion to sectoral and specific, purpose-led policies and programs. It would help establish a framework under which information sharing proposals can be evaluated, and resolve the trade-offs between the rights and autonomy of individuals, versus benefits for the collective. It would also suggest that it is important to pursue international collaboration in harmonizing technical choices and for institutional and regulatory measures.
The piece reviews the Doctrine of Public Cybersecurity, which aims to produce security and manage its absence. It explores the potential utility of information sharing to promote public cybersecurity. An analogy with public health provides interesting perspectives. Within public health, monitoring and information sharing has advanced specific goals and outcomes. The same is likely to hold true for information about cybersecurity. Making that case requires articulating goals, their connection to specific kinds of information sharing activities, and ensuring that appropriate protections for privacy and other competing values are built in.
Read the full article:
“Public Cybersecurity and Rationalizing Information Sharing,” Schneider, F., Sedenberg, E., Mulligan, D., Opinion Piece for the International Risk Governance Center (IRGC). Lausanne: IRGC.