February 21, 2022

The Cyber Social Contract

In the spring of 2021, a Russia-based cybercrime group launched a ransomware attack against the largest fuel pipeline in the United States. According to the cybersecurity firm Mandiant, the subsequent shutdown and gas shortage across the East Coast likely originated from a single compromised password. That an individual misstep might disrupt critical services for millions illustrates just how vulnerable the United States’ digital ecosystem is in the twenty-first century.

Although most participants in the cyber-ecosystem are aware of these growing risks, the responsibility for mitigating systemic hazards is poorly distributed. Cyber-professionals and policymakers are too often motivated more by a fear of risk than by an aspiration to realize cyberspace’s full potential. Exacerbating this dynamic is a decades-old tendency among the large and sophisticated actors who design, construct, and operate digital systems to devolve the cost and difficulty of risk mitigation onto users who often lack the resources and expertise to address them.

Cyberthreats represent a betrayal of what advocates promised at the dawn of the digital revolution.

Too often, this state of affairs produces digital ecosystems where private information is easily accessible, predatory technology is inexpensive, and momentary lapses in vigilance can snowball into a continent-wide catastrophe. Although individually oriented tools like multifactor authentication and password managers are critical to solving elements of this problem, they are inadequate on their own. A durable solution must involve moving away from the tendency to charge isolated individuals, small businesses, and local governments with shouldering absurd levels of risk. Those more capable of carrying the load—such as governments and large firms—must take on some of the burden, and collective, collaborative defense needs to replace atomized and divided efforts. Until then, the problem will always look like someone else’s to solve.

Read the full article from Foreign Affairs.

Podcast
- May 17, 2023
Congress ponders regulation of powerful emergent A.I. platforms
Can Congress keep up with the pace of growth in artificial intelligence? Paul Scharre of the Center for a New American Security talks about the current attempts to regulate A....

By Paul Scharre
Commentary
- CSET
- May 16, 2023
Controlling Access to Advanced Compute via the Cloud: Options for U.S. Policymakers, Part I
We do not recommend controlling access to cloud computing services for entities in China, because, based on our analysis, it does not appear feasible and may have adverse cons...

By Hanna Dohmen, Jacob Feldgoise, Emily Weinstein & Tim Fist
Commentary
- The Messenger
- May 16, 2023
Chinese Data Restrictions Undermine US-China Stability
By refusing dialogue, China increases the risk of miscalculation, crises, and even conflict....

By Paul Scharre
Commentary
- Formiche
- May 11, 2023
From the USA, a Warning for Democracies
With new threats posed by commercial spyware uncovered by the day, democracies cannot wait to respond. Now is the time to work together and limit authoritarian use of spyware ...

By Alexandra Seymour

View All Reports View All Articles & Multimedia

Publications

Research Areas

Resident Experts

Adjunct Experts

Who We Are

CNAS Programs

Press

Events

Connect

The Cyber Social Contract

More from CNAS