Nearly fifty years ago, the term “wicked problem” was coined, and in this instance “coined” works well. Why? A wicked problem is the opposite of a “tame problem”. They are two sides of the same coin. What is a wicked problem, or a tame problem for that matter, and how does it relate to cyber security and cyber issues?
Let’s start with the other side of this coin, a tame problem. A good example of a tame problem is really any problem with a concrete answer. That is to say, a tame problem has a “stopping time,” a defined period in which the problem can be resolved. A tame problem can also be a repetitive problem, one that has a definitive solution, and one that can be tested and retested. With tame problems, there ARE right and wrong answers.
Wicked problems are the opposite of this. There are no definitive solutions or stopping rules. Solutions to wicked problems are not necessarily right or wrong, and each wicked problems is essentially unique. Wicked problems are often complex, resistant to solution, and ongoing. Cyber problems are often categorized as wicked problems, but what makes cyber issues wicked?
The challenges posed by wicked problems are evolving, fail to have clear solutions, and aren’t easily define. These same characteristics hold true for cyber problems. The variables are constantly changing. Solutions to wicked problems often have a cascading effect, creating new challenges, unintended consequences, and in an ever changing environment, wicked problems are never truly solved – all true for the wicked problem of cyber security.
Many cyber issues personify a wicked problem. Consider these points as they related to cyber security issues.
- Cyber security can never truly be solved (a completely secure network is a myth).
- Developing a solution to the problem often adds complexity and reveals new problems (when tackling a cyber security issue, solutions often reveal other issues like a nonexistent legal framework in which to operate, varying stakeholders with differing interests, solutions, and resources).
- There is no definitive solution (cyber security can really only be made better or worse).
- Each cyber security issue is basically unique (breaches in cyber security can be motivated by a wide variety of reasons from political to legal to financial as do the circumstances in which each breach occurs).
Cyber security is a problem in which there is no one actor or party that sets the “rules.” Cyberspace is truly global environment, and effectively allows a limitless number of actors to play a role and shape this issue. And in an environment like this, innovation, creation, and early adoption are the premium tools and the primary reasons why the public/private partnership in addressing the issue of cyber security is critical.