Identifying Conflicting Incentives in United States Federal Cybersecurity Policy: A Sociotechnical Systems Approach
Description
Despite increased attention and funding from companies and governments worldwide over the past several years, cybersecurity incidents (such as data breaches or exploited vulnerabilities) remain frequent, widespread, and severe. Policymakers in the United States have generally addressed these problems discretely, treating them as individual events rather than identifying commonalities between them and forming a more effective broad-scale solution. In other words: the standard approaches to cybersecurity issues at the U.S. federal level do not provide sufficient insight into fundamental system behavior to meaningfully solve these problems. To that end, this dissertation develops a sociotechnical analogy of a classical mechanics technique, a framework named the Socio-Technical Lagrangian (STL). First, existing socio/technical/political cybersecurity systems in the United States are analyzed, and a new taxonomy is created which can be used to identify impacts of cybersecurity events at different scales. This taxonomy was created by analyzing a vetted corpus of key cybersecurity incidents, each of which was noted for its importance by multiple respected sources, with federal-level policy implications in the U.S.
The new taxonomy is leveraged to create STL, an abstraction-level framework. The original Lagrangian process, from the physical sciences, generates a new coordinate system that is customized for a specific complex mechanical system. This method replaces a conventional reference frame – one that is ill-suited for the desired analysis – with one that provides clearer insights into fundamental system behaviors. Similarly, STL replaces conventional cybersecurity analysis with a more salient lens, providing insight into the incentive structures within cybersecurity systems, revealing often hidden conflicts and their effects. The result is not a single solution, but a new framework that allows several questions to be asked and answered more effectively.
Synthesizing the findings from the taxonomy and STL framework, the third contribution involves formulating reasonable and effective recommendations for enhancing the cybersecurity system's state for multiple stakeholder groups. Leveraging the contextually appropriate taxonomy and unique STL framework, these suggestions address the reform of U.S. federal cybersecurity policy, drawing insights from various governmental sources, case law, and discussions with policy experts, culminating in analysis and recommendations around the 2023 White House Cybersecurity Strategy.
Date Created
2023
Agent
- Author (aut): Winterton, Jamie
- Thesis advisor (ths): Maynard, Andrew
- Committee member: Bowman, Diana
- Committee member: Michael, Katina
- Publisher (pbl): Arizona State University