The Center for a New American Security has published an excellent and comprehensive report titled “America’s Cyber Future: Security and Prosperity in the Information Age.” This is a two-volume product, with volume one being the summary and analysis portion and volume two being a 250-page collection of detail essays on key subjects penned by an eclectic group of experts. You will want both products for your library.
The list of contributing authors is too long to include here, but it has hoary policy and cyber mavens, technical experts, and some of the brightest young guns of the policy arena. Full disclosure, I am thanked on the acknowledgement page (for which I am grateful), but all I can claim is giving my opinion a few times, referencing the solid work of others. I would have been thrilled to work with a group like this and enjoyed the sessions I was able to attend.
If you have limited time, at least read the first volume. It is worth your time. It covers several key areas that will provide a brief and comprehensive education in cyber. It looks at U.S. national interests, cyber threats, current governmental efforts, and some very balanced policy recommendations. Some may say that there is little terribly new here. To that I answer that I would rather see “right” than “new.” CNAS, under Kristin Lord’s direction, has investigated the cyber ecosystem, and come back with a plain English presentation that can (and should) be understood by the policy community, tech savvy or not.
CNAS chose to go with what they felt was the most useful and do-able items, rather than trying to be preachy and to accomplish nothing. A smart legislator (and their staff) would do well to read this and adopt a good deal of it. At the worst, you will be in the ball park, with a workable proposal in hand.
If you want to go deeper, or have a particular area of cyber that interests you, go for volume two. It begins with articles by Joe Nye and Mike McConnell, looking at power and security in cyberspace and the complicated threat landscape, respectively. The next chapter is a key one, which attempts to “see through” the hype of the issues set to what Washington really needs to now. These foundational treatments are followed by chapters on: Cyber War (Mahnken); Non-State Actors (Rattray & Healey); International Norms (Finnemeore); Governance (Gross, Daley, Lucarelli & Miksad); Privacy vs. Security (Lewis); Internet Freedom (Fountain & Rogers); Economic Risks of Insecurity (Schroeder); Innovation and Governments (Geer); Internet Architecture (Kahn); and Future Scenarios (Schwartz).
To be frank, the report is like a ready-made syllabus for cyber security. Given that I have developed such a course, I know about the subject. You could do much, much worse than handing students these two books as the readings for a cyber course. It could be undergrad, masters level or as a governmental appointee prep course.
CNAS should be congratulated for the quality of the authors they have assembled, for letting them write effectively and openly, and for developing the chapeau to cover the lot. Given the proliferation of cyber writing out there, it is a crowded field. Some is good, some is bad, a little is exceptional. CNAS has landed in the latter category. Well done.
And yes, I will be incorporating this into my teaching in the future. It is simply good stuff.