{"id":346,"date":"2015-07-28T08:09:48","date_gmt":"2015-07-28T16:09:48","guid":{"rendered":"http:\/\/blog.mozilla.org\/netpolicy\/?p=346"},"modified":"2015-10-05T07:50:56","modified_gmt":"2015-10-05T15:50:56","slug":"experts-develop-cybersecurity-recommendations","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/","title":{"rendered":"Experts develop cybersecurity recommendations"},"content":{"rendered":"

Today, we\u2019re excited to publish the output of our \u201cCybersecurity Delphi 1.0\u201d research process, tapping into a panel of 32 cybersecurity experts from diverse and mutually reinforcing backgrounds.<\/p>\n

Mozilla Cybersecurity Delphi 1.0<\/a><\/p>\n

Securing our communications and our data is hard. Every month seems to bring new stories of mistakes and attacks resulting in our personal information being made available – bit by bit harming trust online, and making ordinary Internet users feel fear. Yet, cybersecurity public policy often seems stuck in yesterday\u2019s solution space, focused exclusively on well known terrain, around issues such as information sharing, encryption, and critical infrastructure protection. These \u201celephants\u201d of cybersecurity policy are significant issues – but too much focus on them eclipses other solutions that would allow us to secure the Internet for the future.<\/p>\n

So, working with Camille Fran\u00e7ois<\/a> & DHM Research<\/a> we\u2019ve spent the past year engaging the panel of cybersecurity experts through a tailored research process to try to extract public policy ideas and see what consensus can be found around them. We weren\u2019t aiming for full consensus (an impossible task within the security community!). Our goal was to foment ideation and exchange, to develop a user-focused and holistic cybersecurity policy agenda.<\/p>\n

\"Mozilla<\/a><\/p>\n

Our experts collectively generated 36 distinct policy suggestions for government action in cybersecurity. We then asked them to identify and rank their top choices of policy options by both feasibility and desirability. The result validated the importance of the \u201ccyberelephants.\u201d Privacy-respecting information sharing policies, effective critical infrastructure protection, and widespread availability and understanding of secure encryption programs are all important goals to pursue: they ranked high on desirability, but were generally viewed as hard to achieve.<\/p>\n

More important are the ideas that emerged that aren\u2019t<\/strong> on the radar screens of policymakers today. First and foremost was a proposal that stood out above the others as both highly desirable and highly feasible: increased funding to maintain the security of free and open source software. Although not high on many security policy agendas, the issue deserves attention. After all, 2014\u2019s major security incidents around Poodle, Heartbleed, and Shellshock all centered on vulnerabilities in open source software. Moreover, open source software libraries are built into countless noncommercial and commercial products.<\/p>\n

Many other good proposals and priorities surfaced through the process, including: developing and deploying alternative authentication mechanisms other than passwords; improving the integrity of public key infrastructure; and making secure communications tools easier to use. Another unexpected policy priority area highlighted by all segments of our expert panel as highly feasible and desirable was norm development, including norms concerning governments\u2019 and corporations\u2019 behavior in cyberspace, guided by human rights and communicated with maximum clarity in national and international contexts.<\/p>\n

This report is not meant to be a comprehensive analysis of all cybersecurity public policy issues. Rather, it\u2019s meant as a first, significant step towards a broader, collaborative policy conversation around the real security problems facing Internet users today.<\/p>\n

At Mozilla, we will build on the ideas that emerged from this process, and hope to work with policymakers and others to develop a holistic, effective, user-centric cybersecurity public policy agenda going forward.<\/p>\n

This research was made possible by a generous grant from the John D. and Catherine T. MacArthur Foundation.<\/p>\n

Mozilla Cybersecurity Delphi 1.0<\/a><\/p>\n

Chris Riley
\nJochai Ben-Avie
\nCamille Fran\u00e7ois<\/p>\n","protected":false},"excerpt":{"rendered":"

Today, we\u2019re excited to publish the output of our \u201cCybersecurity Delphi 1.0\u201d research process, tapping into a panel of 32 cybersecurity experts from diverse and mutually reinforcing backgrounds. Mozilla Cybersecurity … Read more<\/a><\/p>\n","protected":false},"author":665,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"coauthors":[],"yoast_head":"\nExperts develop cybersecurity recommendations - Open Policy & Advocacy<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chris Riley\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/\",\"url\":\"https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/\",\"name\":\"Experts develop cybersecurity recommendations - Open Policy & Advocacy\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.mozilla.org\/netpolicy\/files\/2015\/07\/Mozilla-Cybersecurity-Delphi-Process-252x47.png\",\"datePublished\":\"2015-07-28T16:09:48+00:00\",\"dateModified\":\"2015-10-05T15:50:56+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/92c467284d1b178dea38bea5386a5263\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/#primaryimage\",\"url\":\"https:\/\/blog.mozilla.org\/netpolicy\/files\/2015\/07\/Mozilla-Cybersecurity-Delphi-Process.png\",\"contentUrl\":\"https:\/\/blog.mozilla.org\/netpolicy\/files\/2015\/07\/Mozilla-Cybersecurity-Delphi-Process.png\",\"width\":1261,\"height\":234},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/netpolicy\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Experts develop cybersecurity recommendations\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/netpolicy\/\",\"name\":\"Open Policy & Advocacy\",\"description\":\"Mozilla's official blog on open Internet policy initiatives and developments\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/netpolicy\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/92c467284d1b178dea38bea5386a5263\",\"name\":\"Chris Riley\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/image\/559fa836e2ec3814f8e5ac20d5b8cae6\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4778f215cde88b189620cafd0476b440?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4778f215cde88b189620cafd0476b440?s=96&d=mm&r=g\",\"caption\":\"Chris Riley\"},\"description\":\"Head of Public Policy, Mozilla\",\"sameAs\":[\"https:\/\/blog.mozilla.org\/netpolicy\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Experts develop cybersecurity recommendations - Open Policy & Advocacy","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/","twitter_misc":{"Written by":"Chris Riley","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/","url":"https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/","name":"Experts develop cybersecurity recommendations - Open Policy & Advocacy","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/#primaryimage"},"image":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.mozilla.org\/netpolicy\/files\/2015\/07\/Mozilla-Cybersecurity-Delphi-Process-252x47.png","datePublished":"2015-07-28T16:09:48+00:00","dateModified":"2015-10-05T15:50:56+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/92c467284d1b178dea38bea5386a5263"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/#primaryimage","url":"https:\/\/blog.mozilla.org\/netpolicy\/files\/2015\/07\/Mozilla-Cybersecurity-Delphi-Process.png","contentUrl":"https:\/\/blog.mozilla.org\/netpolicy\/files\/2015\/07\/Mozilla-Cybersecurity-Delphi-Process.png","width":1261,"height":234},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/netpolicy\/2015\/07\/28\/experts-develop-cybersecurity-recommendations\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/netpolicy\/"},{"@type":"ListItem","position":2,"name":"Experts develop cybersecurity recommendations"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/netpolicy\/#website","url":"https:\/\/blog.mozilla.org\/netpolicy\/","name":"Open Policy & Advocacy","description":"Mozilla's official blog on open Internet policy initiatives and developments","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/netpolicy\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/92c467284d1b178dea38bea5386a5263","name":"Chris Riley","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/image\/559fa836e2ec3814f8e5ac20d5b8cae6","url":"https:\/\/secure.gravatar.com\/avatar\/4778f215cde88b189620cafd0476b440?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4778f215cde88b189620cafd0476b440?s=96&d=mm&r=g","caption":"Chris Riley"},"description":"Head of Public Policy, Mozilla","sameAs":["https:\/\/blog.mozilla.org\/netpolicy\/"]}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/posts\/346"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/users\/665"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/comments?post=346"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/posts\/346\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/media?parent=346"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/categories?post=346"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/tags?post=346"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/coauthors?post=346"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}