Doctrine for Cybersecurity

Cybersecurity is an essential concern in the information age. A successful intervention in enhancing cybersecurity could require international accord and intervention in the choices of individuals by governance institutions. Through an analogy with public health, the authors of this essay examine cybersecurity as a public good, with a focus on the collective rather than the individual. While various doctrines for cybersecurity (including prevention, risk management, and deterrence through accountability) have been promoted in the past, none have been effective. Thus the lens of public health allows the new doctrine of public cybersecurity to examine the features of the internet landscape. The authors encourage policy interventions including coordinated surveillance in order to facilitate the creation of a resilient system with decreased vulnerabilities.