The development of cyber-policy and infrastructure is crucial in today’s world, where cybersecurity threats are becoming more sophisticated and frequent. However, the “short arm” of predictive knowledge, or the inability to predict future cyber threats with certainty, creates a challenging environment for policymakers and infrastructure developers. To approach the development of cyber-policy and infrastructure in this context, a risk management approach is necessary. This approach involves identifying potential risks, assessing their likelihood and impact, and developing strategies to mitigate or manage those risks. It is crucial to recognize that complete protection against all cyber threats is impossible, and therefore, risk mitigation is the best approach. One key aspect of risk management is continuous monitoring and evaluation. Cybersecurity threats are constantly evolving, and policies and infrastructure must be updated regularly to stay ahead of the latest threats. Additionally, risk assessments should be conducted regularly to identify new risks and assess the effectiveness of existing risk management strategies. Another critical element of developing effective cyber-policy and infrastructure is collaboration and communication. Cybersecurity threats are not limited to a single organization or entity, and effective risk management requires cooperation and coordination across various sectors and stakeholders. Policymakers must engage with industry experts, academia, and other stakeholders to develop effective policies and infrastructure that address the specific risks faced by various industries. Finally, it is important to ensure that cybersecurity policies and infrastructure are aligned with broader national security objectives and strategies. Cyber threats are increasingly being used to disrupt critical infrastructure, such as power grids and transportation systems, and can have significant national security implications. Therefore, cybersecurity policies must be developed in the context of broader national security objectives and strategies. In conclusion, developing effective cyber-policy and infrastructure in the face of the “short arm” of predictive knowledge requires a risk management approach, continuous monitoring and evaluation, collaboration and communication, and alignment with broader national security objectives and strategies.