The dangers of threat inflation in cybersecurity policy
In an article for the Harvard National Security Journal, Jerry Brito and Tate Watkins, wrote:
There has been no shortage of attention devoted to cybersecurity, with a wide range of experts warning of potential doomsday scenarios should the government not act to better secure the Internet. But this is not the first time we have been warned of impending dangers; indeed, there are many parallels between present portrayals of cyberthreats and the portrayal of Iraq prior to 2003, or the perceived bomber gap in the late 1950s.
This Article asks for a better justification for the increased resources devoted to cyber threats. It examines the claims made by those calling for increased attention to cybersecurity, and notes the interests of a military-industrial complex in playing up fears of a “cyber Katrina.” Cybersecurity is undoubtedly an important policy issue. But with a dearth of information regarding the true nature of the threat, it is quite difficult to determine whether certain government policies are warranted—or if this merely represents the latest iteration of threat inflation benefitting private and parochial political interests.
The article is interesting for the questions it raises about the policies that are being adopted (or about to be adopted) by the U.S. government, given the evidence (and lack of evidence) that supports them, and the possible consequences of their adoption.
I'm not going into details or comment on the arguments presented. However, I feel I must write the following: It's important to keep a critical mind with regard to our own perception and our own recommendations. For this reason, I think the article is valuable and must be read (!)