THE GLOBAL CYBER SECURITY CAPACITY CENTRE
Devising Cyber Policy and Cyber Defence
In an era of globalization, technological innovation and rapid expansion of cyberspace, effective national and international cyber security is of critical importance.
This dimension is examining the best ways of resisting and recovering from cyber intrusions in order to help inform a more effective and comprehensive national and international cyber security policy.
Delivering cyber security must include capability in early warning, deterrence, resistance and recovery. The scope of this research is to consider the effectiveness of security policy in delivering national defence and resilience capability, while maintaining the benefits of a cyberspace vital for government, international business and society in general.
We would expect a mature cyber security policy to provide the necessary security capacity at all levels of society - government, national infrastructure, businesses, the third sector and individuals. Security capacity must be unobtrusive, yet effective, and must also have the flexibility to deal with new challenges as they arise in order to cope with the ever-changing nature of cyberspace. Consideration must be given to how cyber security fits with more traditional security policy, and the working relationships between the various public bodies involved in keeping cyberspace secure. Government needs a way of coordinating effectively with the custodians of cyberspace in industry. It is also important to consider how to recover from a major cyber intrusion in the event that one succeeds.
At the international level, our work looks at the strategies that peer nation-states and developing countries use to enhance their cyber security capacity, to identify targets for increased collaboration, as well as challenges to effective cooperation. We need to consider international development activities: how these might contribute to national policy in the form of securing states from cyber threats, and how to proceed diplomatically if an intrusion comes from within another jurisdiction. We will also consider whether states using cyberspace to police criminality could or should cooperate internationally to achieve an acceptable level of oversight, while still respecting users’ privacy and retaining the benefits of cyber communication. Finally, it is important to examine how governments and communities can effectively inform their adversaries, allies and the public about the shift to a more defensive posture.
Throughout our work we will also consider how cyber security capacity can be built under constraints. Assuming resources are limited, what should be the relative importance of warning, deterrence, defence and recovery? Measures to deter attacks may seem ideal in that they offer to preserve the benefits of cyberspace without distorting the policy environment and society itself. But sustaining a credible deterrent posture in cyberspace presents a number of difficulties, and consideration must therefore also be given to defence and recovery. A key aim of this research area is therefore to establish which of these objectives are likely to prove most cost-efficient and effective in terms of policy.
This dimension is led jointly by Professor Paul Cornish, Research Group Director, Defence, Infrastructure and Security, RAND Europe, and Professor Ivan Toft, Assistant Professor of International Relations, Boston University.