Accession Number : ADA581225


Title :   Paradigm Change: Cybersecurity of Critical Infrastructure


Descriptive Note : Master's thesis


Corporate Author : NATIONAL DEFENSE UNIV NORFOLK VA JOINT ADVANCED WARFIGHTING SCHOOL


Personal Author(s) : Martin, Jr, James E


Full Text : http://www.dtic.mil/dtic/tr/fulltext/u2/a581225.pdf


Report Date : Apr 2013


Pagination or Media Count : 97


Abstract : This study argues that the United States' paradigm for the cybersecurity of critical infrastructure is flawed. For nearly two decades, repeated Presidential and Congressional efforts to revise cybersecurity policies have resulted in new policies that contain old and unproven principles. Meanwhile, the cyber vulnerabilities within critical infrastructure information environments and the lethality of the global cyber threats to those national assets continue to grow. This thesis examines the foundational policy threads that have resurfaced in Presidential cybersecurity policy initiatives over the last 20 years. Collectively, these consistent themes constitute the United States' paradigm for cybersecurity. Although the United States' approach to cybersecurity has evolved during the past 20 years, its foundational principles remain unchanged, in error, and incapable of solving the nation's cybersecurity challenges. Specifically, two unproven beliefs, the Self-Regulation Theory and the Incremental Progress Theory, remain consistent stalwarts throughout subsequent polices covering the cybersecurity of critical infrastructure. The United States requires revolutionary thinking to defend critical infrastructures against a 21st century cyber threat. Unfortunately, the traditional paradigm hinders innovative thinking. The United States' faulty cybersecurity paradigm rests upon unproven theories that if left unchanged, direct the nation toward a national catastrophe. The thesis examines the evolution of cybersecurity policies in the United States through the lens of Thomas Kuhn's change theory. According to Kuhn, periodically a series of events creates a critical point at which long-held beliefs cease to resolve the complexities within an environment and create the conditions for a paradigm change. The United States is at such an inflection point. The study concludes with a fundamentally different paradigm for the cybersecurity of critical infrastructure.


Descriptors :   *COMPUTER SECURITY , *CYBERTERRORISM , *CYBERWARFARE , *EVOLUTION(GENERAL) , *INFRASTRUCTURE , *POLICIES , *PRESIDENT(UNITED STATES) , CASE STUDIES , COMPUTER VIRUSES , CONGRESS , INFORMATION SECURITY , LEGISLATION , THESES , THREATS


Subject Categories : Government and Political Science
      Computer Systems Management and Standards
      Military Operations, Strategy and Tactics


Distribution Statement : APPROVED FOR PUBLIC RELEASE