Contributor: Vivek Krishnamurthy
Vivek Krishnamurthy is a lecturer on law at Harvard Law School and the assistant director of Harvard Law School’s Cyberlaw Clinic. His clinical teaching focuses on the regulation of the internet as a cross-border phenomenon and on the human rights impacts of internet-based technologies.”
The events of September 11 forever shattered the illusion that the distance between us and the world’s trouble spots immunizes us from the mass violence that afflicts them. Fifteen years and countless billions of dollars later, we are perhaps safer now than we were then against the particular tragedy that befell us on that day. Yet we have never been so vulnerable to an attack that could disrupt the lives of millions than in this age where everyone and everything is connected to the Internet.
Cybersecurity has been a public policy priority for years, but in recent months the inability of our defenses to protect key national institutions—including hospitals, political parties, and even our intelligence agencies—has become plain. Against a skilled and determined enemy, we seem to be virtually defenseless against the threat of a cyber 9/11.
To secure cyberspace effectively, we first and foremost need a change in mindset. Gone are the days when we could secure just our most critical systems and leave everyone and everything else to fend for themselves. Cybersecurity is ultimately more like public health than traditional security in that our defenses as a society depend on the immunity of every networked device to an attack. There is no good way to raise the overall level of our cybersecurity without incidentally protecting those actors in our midst with malevolent aims. Much as we would like to avoid it, this difficult trade-off is one we must learn to accept given the larger dangers that lurk in our connected world.