Initiative Will Explore Whether Cybersecurity is Art or Science
Paul Rosenzweig, formerly Deputy Assistant Secretary for Policy in the Department of Homeland Security and founder of a homeland security consulting company, observes that cybersecurity resembles obscenity — we know it when we see it even if we can’t define it— but there is a big gray area which contains cybersecurity’s tradeoffs, cost-benefit assessments, and the issues of practicality and scalability it raises. He thinks the unsolved problem of measuring cybersecurity is at the core of sound policy, law and business judgment. The R Street Institute, of which Rosenzweig is a senior fellow, has begun an initiative intended to build a consensus around how to fill that gap. When governments, commercial actors and private citizens think about cybersecurity, they balance the costs to be incurred including enterprise disruption and monetary expense against the benefit of risk protection. The R Street initiative will hopefully answer the question of whether universally recognized and generally accepted metrics to measure and describe such considerations are possible, or if cybersecurity has to remain more art than science.