Research Triangle Park, NC—Researchers and policy experts working on cybersecurity often aim to provide new information, tools, and recommendations that will help government officials make better cyber policy decisions, but the current supply of such resources is not meeting cyber officials’ demand.
Cybersecurity is an ever-growing threat around the globe. As individuals, businesses, and governments increase their reliance on the internet, hackers have more targets and opportunity for attacks. Of particular concern in the United States, is the cybersecurity of federal government agencies and critical infrastructure, leading to the release of a new White House Executive Order last week.
To understand how the cyber policy community can better meet the needs of government officials and inform cyber policy, RTI International, with funding from the William and Flora Hewlett Foundation, analyzed the supply and demand of cyber policy research.
“Our goal was to collect and share information that advances knowledge on how cyber policy is made, and ultimately, improves cyber policymaking,” said Brent Rowe, lead author of the study report and a senior economist at RTI. “We wanted to assess how valuable information on cyber policy topics is consumed by government officials, and if barriers existed, better understand how to overcome them.”
For the study, RTI interviewed 39 current and former federal government officials in key cyber policymaking roles. Broadly, the interview results suggest that officials do value information and resources produced by researchers, policy experts, and others outside government, but not all members of the cyber policy community are viewed as providing the same value.
Officials shared that research is most valuable when it presents relevant, valuable, timely, and actionable information, which, based on interviews, industry experts do particularly well. In contrast, officials noted that information from academic researchers is often too theoretical and not released fast enough. However, officials typically trust information from academics and think tanks more because it is considered more independent and unbiased.
Based on these findings, the report outlines various recommendations for improving cyber policy supply and demand, including:
- Academics have an opportunity to be more influential if they focus their work on officials’ needs, by engaging officials more
- Government officials should more clearly specify and widely advertise their needs to academics and think tanks
- Research and policy analysis findings should be presented to officials in targeted, one-on-one briefs
- Industry and think tanks should try to help bridge the gap between academics and government
In addition to the federal government interviews, 15 state government officials were interviewed as part of two state case studies of California and Washington State. The main finding from these case studies was that very little state-focused research and policy analysis exists and much more is needed to support state cyber policymaking.
“Our Cyber Initiative is focused on building a network of experts and institutions that can help decision-makers develop sound cyber policy,” said Eli Sugarman, Cyber Initiative Program Officer at the Hewlett Foundation. “A big part of that is understanding how policymakers think about the landscape of cyber experts. The findings from this report provide insight into the kinds of information policymakers need and where they look for it.”
Read more in War on the Rocks.