The Cyber Imperative for Policy Professionals

By Daniel Lao-Talens

The cyberization of our lives is well underway, but the pace of innovation in the technology sector has surpassed governments’ and policy professionals’ abilities to carefully analyze its impact. Since the release of the first iPhone in 2007, society has rapidly integrated an ever-evolving set of cyber technology, eager to capitalize on the efficiency and convenience “going cyber” promises. The latest iteration of this technology, the category of devices called the “Internet of Things” (IoT), is set to achieve an unprecedented level of connectivity at an immense scale. Projections from Gartner and McKinsey state that over 12 billion IoT devices will be in use by 2020 and will generate over $11 trillion of economic activity by 2025. The increasing prevalence of cyber presents a massive challenge to policy experts in both the public and private sectors, many of whom want to integrate these devices to improve their own work. Unfortunately, current policy experts seem to lack the technical knowledge necessary to analyze the impact of cyber either as a separate field of study or within another area of expertise.

Such a blind spot is both inefficient and dangerous, especially in a world where malicious actors are able to exploit cyber vulnerabilities to commit crimes and even cause physical damage to infrastructure. Cyber attacks take on many forms, from China’s calculated theft of intellectual property to the targeted destruction of Iranian nuclear infrastructure, but the reality is that current efforts to secure and regulate cyber devices and their use are not enough. Private corporations still suffer from data breaches and theft, even tech companies like Facebook. Meanwhile, governments also struggle, with Atlanta being the latest victim of an attack even after the high-profile hacks of the Office of Personnel Management (OPM) and the San Francisco Municipal Transportation Agency (SFMTA).

Although cybersecurity and computer science experts have largely taken the lead in defending and responding to cyber attacks, there needs to be a greater universal proficiency in cyber, particularly for policy professionals. Current public policy professionals need to address this immediate lack of proficiency by engaging their cybersecurity and information technology (IT) professionals to educate themselves on basic cyber or IT concepts, but the future will require more technically savvy policy professionals. Experts agree that a connected life will become the status quo, and  importantly a growing number of local governments are taking steps to develop policy for IoT. Major cities like New York and Chicago have drafted guidelines for IoT use within their respective governments, and cities of all sizes are forming regional partnerships through organizations like the MetroLab Network to explore and integrate emerging technologies for municipal use.

Such efforts are encouraging, but are only minor steps toward addressing what is already a major area of concern. Public policy schools need to begin integrating cyber concepts into their curricula and establish partnerships with cybersecurity, information management, or computer science schools in the same way they do with business and law. At Goldman (and likely at other policy schools) business and law courses are frequently promoted, faculty have experience in or teach across the disciplines, and schools frequently co-sponsor research institutes, conferences, and academic presentations. However, Goldman’s level of involvement with cyber is almost nonexistent in comparison, especially considering the existence of multiple cyber-focused programs and initiatives in Berkeley’s Law and Business Schools. The School of Law established the Berkeley Center for Law & Technology (BCLT) over 20 years ago, and its faculty members are heavily engaged in the Berkeley School of Information’s Center for Long-Term Cybersecurity (CLTC). Business school faculty also work with the BCLT, but the school also has its Institute for Business Innovation, which enjoys research partnerships with tech companies in Silicon Valley, and the Management, Entrepreneurship, and Technology undergraduate program co-sponsored with the School of Engineering that “aims to fast-track [a] path to Silicon Valley C-Suites”. There is a clear and compelling opportunity for a public policy school to participate in initiatives like these; instead of Goldman, it is BLTC that claims it “plays a direct and important role in public policy debates and the education of public officials” on technology policy and cyber.

Establishing these academic relationships and professional knowledge bases is difficult and requires significant resources, but these growing pains are necessary and will only be more significant down the line if ignored. Relying on technical experts in cyber or tech to become more policy conversant or leaving others to assume policy expertise is an abdication for a field that seeks to solve society’s present and future problems. The transition toward a world in which IoT sensors become as ubiquitous and mandatory as computers to everyday life is quickly approaching. Policy professionals must develop a base level of cyber proficiency to analyze, integrate, and regulate this emerging technology and policy schools must devote themselves toward producing technically knowledgeable experts and assert themselves in the technology policy space.

Daniel Lao-Talens is a Master of Public Policy candidate at the Goldman School of Public Policy and an active duty United States Army officer. Before attending Goldman, he worked as an information network operations officer. The opinions here are those of the author’s and do not represent the positions or views of the U.S. Army, the Department of Defense, or any organization therein.