Paradigm Change: Cybersecurity of Critical Infrastructure
NATIONAL DEFENSE UNIV NORFOLK VA JOINT ADVANCED WARFIGHTING SCHOOL
Pagination or Media Count:
This study argues that the United States paradigm for the cybersecurity of critical infrastructure is flawed. For nearly two decades, repeated Presidential and Congressional efforts to revise cybersecurity policies have resulted in new policies that contain old and unproven principles. Meanwhile, the cyber vulnerabilities within critical infrastructure information environments and the lethality of the global cyber threats to those national assets continue to grow. This thesis examines the foundational policy threads that have resurfaced in Presidential cybersecurity policy initiatives over the last 20 years. Collectively, these consistent themes constitute the United States paradigm for cybersecurity. Although the United States approach to cybersecurity has evolved during the past 20 years, its foundational principles remain unchanged, in error, and incapable of solving the nations cybersecurity challenges. Specifically, two unproven beliefs, the Self-Regulation Theory and the Incremental Progress Theory, remain consistent stalwarts throughout subsequent polices covering the cybersecurity of critical infrastructure. The United States requires revolutionary thinking to defend critical infrastructures against a 21st century cyber threat. Unfortunately, the traditional paradigm hinders innovative thinking. The United States faulty cybersecurity paradigm rests upon unproven theories that if left unchanged, direct the nation toward a national catastrophe. The thesis examines the evolution of cybersecurity policies in the United States through the lens of Thomas Kuhns change theory. According to Kuhn, periodically a series of events creates a critical point at which long-held beliefs cease to resolve the complexities within an environment and create the conditions for a paradigm change. The United States is at such an inflection point. The study concludes with a fundamentally different paradigm for the cybersecurity of critical infrastructure.
- Government and Political Science
- Computer Systems Management and Standards
- Military Operations, Strategy and Tactics