New Report Details Basics of Cybersecurity for Decision Makers


Cybersecurity is a never-ending battle, and a permanently decisive solution to the problem will not be found in the foreseeable future, concludes a new report from the National Research Council.  Written for a lay audience, the report presents the fundamental issues at the nexus of public policy and cybersecurity and is written to help decision makers and the interested public make informed choices about cybersecurity.


The report describes the basics of current computing, communications, and information technology systems, and the inherent vulnerabilities of these systems to adversarial activities.  It discusses technical and nontechnical approaches to enhancing the nation’s cybersecurity, such as employing an active defense against threats or deterring actors by imposing punishments. 


Improving cybersecurity calls for efforts to use what is known about cybersecurity more effectively and more widely, as well as efforts to develop new knowledge, the report says.  Moreover, enhancing cybersecurity should be understood as an ongoing process.


The report acknowledges that while cybersecurity is important to the nation, the United States has other interests and trade-offs to consider -- for example, a stronger cybersecurity system might reduce the nation’s innovative capabilities -- as part of the policymaking process.  The relevant policy question is not how the cybersecurity problem can be solved, but how it can be made manageable. 




At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues is available for immediate release at  Media inquiries should be directed to the National Academies’ Office of News and Public Information; tel. 202-334-2138 or e-mail