Cybersecurity policy is an important issue. It’s important for governments and organizations to develop policy to implement cybersecurity infrastructure. It’s difficult to predict the next big threat, technology or vulnerability. What remains consistent is that there are always new technologies being developed, vulnerabilities being discovered, and attackers from different threat agents: script kiddies, professional hackers and nation states. Policy should be based on procedure and types of threats not the underlying technologies. One good way of developing cybersecurity policy is using the NIST cybersecurity framework. It’s an excellent blueprint because it’s general and based on policy and procedure not specific technologies. This allows it to grow and remain useable in a technological field where standards can become outdated and antiquated in a very short time. I watched a video from the Shmoocon 2020 and of the issues discussed was conflicts between cybersecurity professionals and industry. For example the DMCA allows drm and forbids bypassing drm under normal circumstances even when it’s intended for fair use. Cybersecurity researchers want more provision to go around drm protection to examine software and conduct research.

Cyber technology facilitates communications this includes communications and interactions between offenders and victims. Crime is moving to the internet. Now, cyber criminals can attack victims not just in their own country or town but in every internet connected location in the entire world. Cybersecurity and cybercrime are global issues. Many victims are in the wealthiest and largest countries including America. China is the nation with the largest number of hackers. Some hackers are not private criminals but agents of nation-states attacking other nations in cyber warfare. The United States employs hackers too. Stuxnet, which took down the Iranian nuclear power plant was a cyberattack traced to the united states. Almost 10% of internet attacks are traced to the United States. Victims cannot always determine who their attacker is or where they are located. It’s possible to mask source IP with vpn.