Policy Issues Regarding Implementations of Cyber Attack  91


              complicated by the fact that it would be difficult to measure the success of
              resilience solutions serving to deter attacks, since deterrence is not directly
              observable. For all of these reasons one can expect that managing the design
              of anticipatory defenses would be quite difficult. Furthermore, should suc-
              cessful, high-visibility cyber attacks occur, confidence in anticipatory solu-
              tions serving as a deterrent would likely suffer, thereby resulting in
              reconsiderations regarding their effectiveness.
                 In the event that more emphasis is placed on implementing anticipatory
              solutions to cyber attacks, questions arise regarding the roles of industry and
              government in deciding on specific resilience requirements. With its supe-
              rior knowledge of physical system design details and the potential means of
              exploiting those details, industry is in a much stronger position than govern-
              ment to address the selection of anticipatory solutions. On the other hand,
              with its access to information regarding actual cyber attacks, and considering
              our country’s history of relying on government for implementing safety
              measures, government does possess some advantages. This suggests a shared
              role, but a variety of cybersecurity-specific complications, discussed in the
              following section, emerge when dividing accountabilities.
                 To demonstrate policy issues regarding the anticipation of cyber attacks,
              we return to the automobile collision avoidance–system scenario described
              in the initial section of this article. Note that this automobile example is per-
              tinent to other classes of physical systems. Assume that a collision event was
              to actually occur as a result of the earlier-described cyber attack. Members of
              the law-enforcement community would be the principal investigators as to
              the cause, but they would have no basis for determining the cause as being a
              cyber attack. Doing so would likely require access to a portion of the stored
              data from the involved automobiles’ onboard systems. Depending on the
              specific manufacturers and models of the involved automobiles, the data
              required to identify the cause as a cyber attack would likely vary from vehicle
              to vehicle. Due to these variations the costs associated with necessary field
              tools and officer training would be driven up. This may suggest standardi-
              zation as the required solution, but the standardization of pertinent data
              implies corresponding commonalities in the designs of automation features,
              which creates issues related to competition. To further complicate matters,
              the cyber-security community recognizes risks associated with “monocul-
              ture solutions”; i.e., common designs are vulnerable to common cyber
              attacks, enabling undesirable reuse opportunities by those who employ or
              sell software that accomplishes cyber attacks. In addition, the automobile
              companies and individual drivers may be reticent to provide such data