By the exact same logic, implementing physical security on the level of "please don't kill vulnerable people" would also be reactive. If the cat's out of the bag on a way to kill people, well, don't we need to implement humans that are unkillable in that way? That's going to mean working on some hard problems...
No. We don't operate that way, and we don't want to.
But for us to not operate that way in cyberspace, we need crackers (to use the officially approved term) to be at least as likely to be caught (and prosecuted) as murderers are. That's a hard problem that we should be working on.
(And, yes, we need to work on the other problems as well.)
Despite the enforcement mechanisms against murders (which work less than 2/3s of the time), you see many places that implement preventive security measures to make killing people more difficult.
I think it is wholly reasonable to work on both preventive and punitive approaches. For online crimes, jurisdictional issues are major hurdles for the punitive approach.
> For online crimes, jurisdictional issues are major hurdles for the punitive approach.
Yeah. If you can catch people in your jurisdiction (without the problems of spoofing and false flags), then people are just going to attack you from outside your jurisdiction. You'd have to firewall your jurisdiction against outside attacks. (You might even be able to do that, by controlling every cable into the country. But then there's satellites...)