A Multi-stakeholder Approach to Cybersecurity Risk Management

No country, company, or private individual can fully utilize the benefits of information technology while protecting all of their own data, communications, or computer networks from every potential cyber threat, regardless of how much time and money they invest in protective systems. Each entity must set priorities, balance tradeoffs, and make choices about cyber protection, knowing that their choices will affect others and that others’ choices will affect them, too. Minimizing the most serious forms of cyber attack, espionage, and crime without hindering beneficial uses of information technology requires skillful multi-stakeholder governance. This project includes a set of research, education, and outreach activities to facilitate that process. 

Full project description
Aug 10, 2017 | Charles Harry

The Mirai botnet attack on the DYN network in October 2016 highlighted to many policymakers the potential problems associated with IoT devices. The compromise and concerted use of thousands of webcams and DVRs to disrupt key Internet services focused attention...

Jul 3, 2017 | David Mussington

Bill C-59 – the National Security Act 2017 – outlines a new vision for Canadian national security. Reading between the lines of this “anti-terror” bill, there is a clear attempt here to comprehensively rework decision-making mechanisms to enhance oversight and...

Jan 10, 2017 | David Mussington

January is typically the month of new beginnings. However, the first portion of 2017 has offered everything but a break from the tumultuous wreckage seen in the past year. This past week the U.S. intelligence community released its first public...

Aug 4, 2015 | Charles Harry
While significant media attention has been given to the volume and range of cyber attacks, the inability to measure and categorize disruptive events has complicated efforts of policy makers to push comprehensive responses that address the range of cyber activity...