Cyberspace operates according to different rules than the physical world.
The same principles of cyberspace that allow businesses to reach their customers directly also allow bad guys to reach businesses directly. Yet you can’t have governments get in the way of the latter without also getting in the way of the former. Sharing information among people at human speed may work in many physical contexts, but it clearly falls short in cyberspace. As long we continue to try to map physical-world models onto cyberspace, they will fall short in some fashion.
After nearly 20 years of trying and billions of dollars in investment, why are organizations are still struggling with cybersecurity? In fact, the problem seems to be getting worse, not better. Answering this question requires moving beyond a purely technical examination of cybersecurity. It’s true that the technical challenges are very real; we don’t know how to write bug-free code, for example. But if you look at the challenge more broadly, even if we resolved the technical issues, cybersecurity would remain a hard problem for three reasons: It’s not just a technical problem The rules of cyberspace are different from the physical world’s Cybersecurity law, policy, and practice are not yet fully developed