An integrated complex adaptive governmental policy response to cyberthreats

This article analyzes the policy options available to governments for addressing the very costly economic impacts of cybersecurity threats. It contributes to complexity thinking in public policy. Complexity involves self-organization, emergence, feedback loops, and adaptation. We show that these are present with cyberthreats. In contrast to plans that involve a series of linear steps to a specific outcome, complexity thinking recommends adaptive design, which creates processes that involve coordinated decentralized capacity for experimentation and resilience. These are illustrated with an examination of the 2007 nation-wide cyberattack on Estonia and the lessons learned from this attack.