The world of cybersecurity is overflowing with principles. Principles about patching, passwords and people. Principles about physical security, phishing and firewalls. But until recently, there has been little legal precedent supporting these principles—and without such precedent, principles can be difficult to enforce. This article was published by ASPI’s The Strategist.