Authors: Gregory Falco
Addresses: Center for International Security and Cooperation (CISAC), Stanford University, 616 Serra Street, Stanford, CA 94305, USA
Abstract: There is always a risk that a public policy will be unsuccessful. Policy failure can be the result of poorly written policy whose implementation measures are not aligned with the intended goals. It can also be a result of unexpected constraints that impede policy implementation. There are many guides offering advice on how to write good policy and establish policy goals, yet there is no established preemptive method for anticipating policy implementation constraints or other barriers to policy success. This paper proposes a new qualitative method called constraint tree analysis (CTA) for evaluating the obstacles to policy implementation before a policy is enacted. The method builds on an established mechanism in aerospace engineering and computer science that enumerates possible failure points or attack vectors of systems. CTA is illustrated in this paper by using it to identify possible implementation obstacles of U.S. Executive Order 13636 - improving critical infrastructure cybersecurity.
Keywords: cybersecurity; technology policy; security policy; policy implementation; risk management; critical infrastructure.
International Journal of Technology, Policy and Management, 2020 Vol.20 No.2, pp.132 - 152
Received: 10 Jul 2018
Accepted: 20 Mar 2019
Published online: 25 Jul 2020