Cyberthreats must require governments and businesses to be 'cyberrisk intelligent'

May 02, 2013 by Jeff Falk

(Phys.org) —In an age where cybersecurity is of foremost interest for governments and businesses, public and private organizations must deploy risk-intelligence governance to secure their digital communications and resources from eavesdropping, theft or attack, according to a new paper from Rice University's Baker Institute for Public Policy.

The paper, "Risk-Intelligent Governance in the Age of Cyberthreats," was authored by Christopher Bronk, a fellow in at the Baker Institute. Against the backdrop of technology experts and policymakers' elusive battle to find a remedy for the myriad cyberthreats and vulnerabilities, the paper proposes the concept of "cyberrisk intelligence," a general framework for understanding the varied that impact an organization's capacity to secure it cyberinfrastructure.

"In the geopolitical context of cyberincidents and conflict, perhaps the most important questions revolve around 'Why?'" Bronk said. "In cyberdefense activities, the typical has been one in which risks are identified and mitigated based on known vulnerabilities and threats. Where organizations often fall short is in pulling together all the different inputs in understanding their vulnerabilities."

Bronk proposes a holistic identification and model that considers cybersecurity in the broader scope of an organization. "Considering what bad outcomes might occur in the cyberarena needs inputs not just from the IT space but the broader space of operation," he said. "We suggest three general flows of information in determining an organizational frame for cyberrisk intelligence: one that encompasses the awareness of the IT enterprise and its apparent health; a second that brings internal business activities into view; and a third that encompasses broader geopolitical and economic forces. These three areas can be combined into a common operating picture for cyberrisk awareness."

For organizations to become cyberrisk intelligent, Bronk said, they must move beyond seeing cybersecurity as province of organizational IT. They must also understand and evaluate how they are exposed to competition or harm and join industrywide efforts that identify key security concerns and meet them with a collaborative response.

Bronk draws comparisons to more visible security threats in making the case for the importance of cyberrisk intelligence. "Since the Sept. 11, 2001, attacks, two air travelers have tried to blow up airplanes and been thwarted by fellow passengers and flight crew because there is a clear understanding of what is at stake," he said. "People aboard airliners now understand that successful hijacking may mean death. Threats in cyberspace are not so clear and so great, in terms of life and limb. The case is clear that the world's organizations depend on IT to function. The question for preserving cyberspace is how those organizations pool their attentions and resources to preserve a vibrant and functioning cyberspace that may be used to enhance human endeavor. Without adequately studying new and even unorthodox approaches to security, we may eventually lament the loss of the cyberconnected world we once enjoyed."

Explore further: Lions Gate partners with online outfit RocketJump

More information: "Risk-Intelligent Governance in the Age of Cyberthreats," paper: www.bakerinstitute.org/publications/ITP-pub-RiskIntelligentGovernance-042613.pdf.

add to favorites email to friend print save as pdf

Related Stories

Baker Institute policy report looks at cybersecurity

Feb 24, 2011

A new article written by a fellow at Rice University's Baker Institute for Public Policy calls on the intelligence community to jointly create a policy on cybersecurity and determine the degree to which the U.S. should protect ...

Scientist urges new look at government 'Web-tapping'

Dec 02, 2008

The technology of government surveillance has changed dramatically, and the rules governing surveillance should be changed accordingly. Chris Bronk, a fellow in technology, society and public policy at Rice University's Baker ...

'What if?' scenario: Cyberwar between US and China in 2020

Mar 23, 2011

As Iran's nuclear plant attack and Chinese-based hackers attacking Morgan Stanley demonstrate how the Internet can wreak havoc on business and governments, a new paper by a fellow at Rice University's Baker Institute for ...

Recommended for you

Instagram photo-sharing service goes down

Apr 12, 2014

Popular photo-sharing site Instagram was not working Saturday, as frustrated users quickly turned to social network Twitter and other web sites to share their complaints.

Authors Guild asks US court to rule against Google

Apr 11, 2014

The Authors Guild says that Google Inc. is stealing business from retailers and has asked a New York federal appeals court to find that the Internet giant is violating copyright laws with its massive book digitization project.

User comments : 0

More news stories

Tech giants look to skies to spread Internet

The shortest path to the Internet for some remote corners of the world may be through the skies. That is the message from US tech giants seeking to spread the online gospel to hard-to-reach regions.

Patent talk: Google sharpens contact lens vision

(Phys.org) —A report from Patent Bolt brings us one step closer to what Google may have in mind in developing smart contact lenses. According to the discussion Google is interested in the concept of contact ...

Wireless industry makes anti-theft commitment

A trade group for wireless providers said Tuesday that the biggest mobile device manufacturers and carriers will soon put anti-theft tools on the gadgets to try to deter rampant smartphone theft.

Astronomers: 'Tilt-a-worlds' could harbor life

A fluctuating tilt in a planet's orbit does not preclude the possibility of life, according to new research by astronomers at the University of Washington, Utah's Weber State University and NASA. In fact, ...