Dan Geer's Black Hat 2014 talk Cybersecurity as Realpolitik (also available as text) is thoughtful, smart, vital, and cuts through -- then ties together -- strands of security, liability, governance, privacy, and fairness, and is a veritable manifesto for a better world.
There are three professions that beat their practitioners into a state of humility: farming, weather forecasting, and cyber security. I practice two of those, and, as such, let me assure you that the recommendations which follow are presented in all humility. Humility does not mean timidity. Rather, it means that when a strongly held belief is proven wrong, that the humble person changes their mind. I expect that my proposals will result in considerable push-back, and changing my mind may well follow. Though I will say it again later, this speech is me talking for myself.
As if it needed saying, cyber security is now a riveting concern, a top issue in many venues more important than this one. This is not to insult Black Hat; rather it is to note that every speaker, every writer, every practitioner in the field of cyber security who has wished that its topic, and us with it, were taken seriously has gotten their wish. Cyber security *is* being taken seriously, which, as you well know is not the same as being taken usefully, coherently, or lastingly. Whether we are talking about laws like the Digital Millenium Copyright Act or the Computer Fraud and Abuse Act, or the non-lawmaking but perhaps even more significant actions that the Executive agencies are undertaking, "we" and the cyber security issue have never been more at the forefront of policy. And you ain't seen nothing yet.
I wish that I could tell you that it is still possible for one person to hold the big picture firmly in their mind's eye, to track everything important that is going on in our field, to make few if any sins of omission. It is not possible; that phase passed sometime in the last six years. I have certainly tried to keep up but I would be less than candid if I were not to say that I know that I am not keeping up, not even keeping up with what is going on in my own country much less all countries. Not only has cybersecurity reached the highest levels of attention, it has spread into nearly every corner. If area is the product of height and width, then the footprint of cybersecurity has surpassed the grasp of any one of us.