Ensuring cybersecurity and data privacy in expanding digital infrastructure ecosystems

The growth in interconnected Digital Infrastructure Ecosystems (DIE's) which facilitate information exchange is coupled with a corresponding increase in vulnerability to cyber threats. To protect against cyber threats to individuals and business processes, one must protect not only the information's confidentiality, integrity, and availability (CIA), but also accountability and assurance (AA) — both essential to the proper functioning of dependent processes, and of a DIE itself, comprised of many Link/Message Exchanges upon which these dependent processes rely. Traditional laws and cybersecurity frameworks center solely on the CIA triad to protect the Exchange messages themselves. Consequently, organizations do not effectively ensure the quality of their Link/Messages Exchanges, exposing themselves and their information to threats of manipulation. Even risk-based best practice regulatory schemes consider only the potential for loss or misuse and not the potential for deliberate uncertainty of a DE's Link/Message Exchanges. Ensuring Cybersecurity and Data Privacy in Expanding Digital Infrastructure Ecosystems is challenging. This essay reviews the inadequacies of CIA-centric InfoSec, Privacy, and Accuracy regulations. We finally suggest an innovative supervisory control approach to adequately LTC for DIE Assurance and Confidentiality (Katal et al., 2013; Hashem et al., 2015; Chen et al., 2019).