According to Frank Montoya, the U.S. National Counterintelligence Chief, ‘‘[w]e’re an information-based society now. Information is everything. That makes . . . company executives, the front line——not the support mechanism, the front line——in [determining] what comes.’’1 Chief Montoya’s remarks underscore the central role played by the private sector in ongoing efforts aimed at enhancing cybersecurity, much like the increasingly vital role firms are playing in fostering sustainability. For example, according to Accenture surveys, the number of managers who consider sustainability to be critical to the future success of their organizations jumped from fifty to more than eighty percent from 2007 to 2010, fueling interest in a range of new sustainability initiatives.2 Similar trends may be seen with regard to cybersecurity,3 which is already prompting consideration of novel cybersecurity strategies aimed at translating this increased interest into action. One such avenue is corporate social responsibility (‘‘CSR’’). This Article argues that organizations should treat cybersecurity as a matter of CSR to safeguard their customers and the public, such as by securing critical infrastructure. It is in corporations’ own long-term self-interest (as well as that of national security) to take such a wider view of private-sector risk management practices so as to encompass less traditional factors akin to what companies have done with respect to sustainability. To that end, the analogy of sustainable development will be developed, focusing on the applicability of certain aspects of the green movement, such as integrated reporting and the common heritage of mankind concept, to help foster cyber peace.
The full text of this Article is available to download as a PDF.