This resource assesses the United States’ current approach to critical infrastructure cybersecurity, and lays out a framework for legal and regulatory plan to address the course of action. It starts by highlighting the need for critical infrastructure security, then identifies the current course of action taken by the U.S. and other nations. The paper then performs a normative examination of the processes used by the U.S. using a market-based approach, as well as an analysis of an “ex ante” approach that requires more intrusive government involvement before ultimately recommending a regulatory path that best suits the security of critical infrastructure.
