Are Threats Surrounding Cybersecurity Inflated?

Are Threats Surrounding Cybersecurity Inflated?

Are Threats Surrounding Cybersecurity Inflated?

Top security officials like General Keith Alexander, commander of the U.S. Cyber Command, continue to speak out on the threats of cybersecurity, and while Senator Whitehouse’s recent bill seeking to declassify information concerning cybersecurity is a step to demystify these threats, little is known about the real risks.

In new research published by the Mercatus Center at George Mason University, Jerry Brito and Tate Watkins analyze the rhetoric around cybersecurity, and recommend that, before legislating or regulating, Washington should end the “cyber doom” rhetoric, and declassify evidence relating to cyber threats, so that people are aware of the true threat level. 

“When we hear the rhetoric around cybersecurity, we hear people bring up the worst case scenarios, like planes falling out of the sky, but when you ask for the evidence, they point to the lesser attacks, such as denial of service attacks,” said Brito.

Brito and Watkins say that the rhetoric around cybersecurity coming out of Washington amounts to threat inflation not unlike what we saw in the run-up to the Iraq War. It has the potential to lead to an overreaction based on vague evidence.

“In the cybersphere, the current rhetoric does not allow for differentiating between the threats posed by different types of attacks,” said Brito. “Fear is not a good basis for policy making.  The American people have learned they need to trust the government, but they need to verify.  Let us know what the threats are, and what the government intends to do about them.”

Additionally, Brito and Watkins offer a model to examine the costs and benefits of regulation and other responses so that policymakers can determine the best ways to address disparate threats. 

“You have to consider the alternatives,” said Brito.  “Government networks might be insecure, or vulnerable to attack, and then the decision is how much money and how many resources do we want to spend to secure them? To answer this question, we need data, but right now that’s classified.”

Jerry Brito blogs at The Technology Liberation Front. Watch a video of Brito discussing the paper .

For more information or to book an interview with the scholars featured in this article, please contact Kate De Lanoy, Associate Director of Media Relations

Featured Scholars

' '