Principles of cyber security
Cyber security has become a key priority across the world, relevant to all actors of human societies: international organizations, national governments, businesses, and individual citizens. However, cyber security remains a generally poorly understood notion, with unclear boundaries and goals. Our objective in this white paper is to define fundamental principles of cyber security and lay out a new foundation for a comprehensive and long-term strategy aimed to increase the security of organizations and individuals in the cyber space. We believe that cyber security must be on the agenda of every public or private decision maker. Although cyber security shares principles with other types of security, the cyber space presents challenges distinct from other areas. In order to protect critical systems and data of any organization and to prepare for emergency crises that may arise from increasingly frequent cyberattacks, it is a essential to be proactive and to develop appropriate cyber security policies. We believe that cyber security relies on three equally important, inter-connected areas: Technology, Strategy, and Human Behaviors. As top priority, it will be crucial to develop central repositories of knowledge and technologies to guide organizations in implementing the best cyber security strategies and effectively respond to attacks. It will also be crucial to explore one's strategy and choices carefully before a real attack happens, in order to validate trade-offs under attacks. Simulated environments offer a unique opportunity for interactive learning and strategy testing, without incurring the potentially catastrophic cost of real attacks, to determine the appropriate course of action.