History lessons for better public policy: how to build a cyber secure society
In 1971, Bob Thomas, a computer researcher in Cambridge, Massachusetts, created a testing program he called Creeper. His goal was to prove the theory first proposed by the legendary mathematician John von Neumann that a program could self-replicate.
Thomas introduced the Creeper worm into the US Department of Defense’s ARPANET network (the precursor to the Internet) and it quickly spread, leaving the innocuous message “I’m the Creeper, catch me if you can!” » wherever it appears. Thomas created the world’s first computer virus.
EY Global Government and Infrastructure Leader.
Today, governments and businesses find themselves under constant attack by forms of computer viruses far more hostile and sophisticated than even Thomas could have imagined. By 2024, an estimated 600 million cyberattacks will be launched against organizations and individuals every day.
What was once considered digital vandalism has been replaced by a powerful and destructive combination of ransomware, financial fraud, phishing, technology scams, and distributed denial of service (DDoS) attacks perpetrated by nation states, cybercrime groups, and other influence operation groups.
It’s no surprise, then, that protecting sensitive data is one of the top 10 risks facing governments and the public sector.
Reinventing cybersecurity to stay ahead
Governments are proactive in combating cyber threats at regional and national levels. The EU, for example, adopted the Network and Information Security (NIS2) and Resilience of Critical Entities Directive, which provides a baseline for cybersecurity risk management and reporting obligations in critical sectors.
Saudi Arabia’s National Cybersecurity Authority (NCA) has established several cybersecurity regulations that all government entities and critical national infrastructure must follow. The Australian Cybersecurity Strategy 2023-2030 aims to protect small and medium-sized businesses against cyber threats – such is the vulnerability of these businesses.
However, cyber threats will continue to grow at an exponential rate globally, fueled by increasingly disruptive technologies such as AI generation, the Internet of Things, cloud and quantum computing. As these threats increase, the role of cybersecurity within governments and organizations will also need to become more robust and more strategic.
In the simpler days of e-governance, cybersecurity focused on protection, compliance obligations, and risk reduction and quantification.
Today, however, core cybersecurity functions are becoming key enablers of organizational strength and development by helping other sectors of government and business adopt and develop technologies (including AI), improve customer experiences, and even develop new products and services.
How to turn cybersecurity into a strategic advantage
To address these challenges, governments can prioritize modernizing and strengthening their digital infrastructure.
Leveraging emerging technologies such as blockchain, with its ability to create immutable records, improves supply chain transparency and improves accountability in supplier management. AI-driven digital twins, on the other hand, enable early detection of vulnerabilities and can simulate potential attack scenarios to prepare defenses.
Developing a competent and adaptable cybersecurity workforce is equally important. Continued investment in targeted upskilling and hands-on training programs builds the technical expertise and security-conscious culture needed within government agencies.
Results from the EY Government State and Local 2025 survey demonstrate that, despite budget constraints, nearly half of U.S. government IT leaders are prioritizing workforce upskilling, recognizing its importance in effectively managing evolving cyber threats and leveraging emerging technologies such as AI.
Establishing standardized governance, ethics and compliance frameworks across all government entities is essential to eliminate fragmentation and strengthen accountability.
A harmonized governance model ensures consistent compliance with national and international cybersecurity regulations, providing a clear framework for risk management and data protection.
The EU’s NIS2 directive provides a good example of how unified governance can streamline incident reporting and improve security in critical sectors.
Finally, fostering close collaboration between governments, private sector organizations and international partners is essential to building a resilient defense ecosystem, as is timely sharing of threat intelligence and coordinated incident response.
Public-private partnerships not only accelerate the mitigation of cyber incidents, but also drive innovation in security solutions, highlighting the power of collective action to protect the nation’s cyberspace.
The history lesson in becoming cyber secure
Bob Thomas’s Creeper virus was neutralized a few months later by another program called Reaper, written by one of his colleagues, Ray Tomlinson (best known for inventing e-mail).
However, in today’s digital age, governments do not have the luxury of waiting even a day to respond to threats such as risks to national security, public services and the privacy of their citizens.
This is why protecting digital infrastructure and sensitive data is not just a necessity but a strategic imperative, helping to build the trust and resilience essential to effective governance.
We have presented the best encryption software.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we feature the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you would like to contribute, find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
