TY - JOUR
AU - Sean Atkins
AU - Chappell Lawson
AB - Qualitative analysis based on in-depth interviews with over 40 policymakers and senior private sector managers, as well as public documents, reveals considerable variation in how well this approach has worked in practice. The main predictors of policy success appear to be (a) the nature of the cyber threat to firms’ operations and (b) regulatory pressure on firms. However, other factors—such as the nature of intra-industry competition—also affect how well the current regime works in specific sectors. Our findings have implications for public administration on civilian cybersecurity, as well as ramifications for regulation in other policy domains.
BT - Wiley
DA - 2021-01-24
DO - 10.1111/puar.13322
N1 - Evidence for Practice• Collaboration between business and government in cybersecurity is distinct from conventional public–private partnerships designed to address capital markets failures, in that it must be highly flexible andadaptive.• Cybersecurity policies should be tailored to critical infrastructure sectors or subsectors, to take into accountthe nature of industry competition, the size and complexity of the sector, and longstanding relationshipsbetween business and the government in the sector.• Government agencies that possess a strong historical relationship to their assigned sector, expertise incyber, and resources to help firms are better able than other lead agencies to build an effective cybersecuritypartnership with industry.• Irrespective of sector, collaboration between the government and private owner-operators of criticalinfrastructure requires a high level of trust, often built through personal relationships and then reinforcedthrough iterated interactions.
N2 - Qualitative analysis based on in-depth interviews with over 40 policymakers and senior private sector managers, as well as public documents, reveals considerable variation in how well this approach has worked in practice. The main predictors of policy success appear to be (a) the nature of the cyber threat to firms’ operations and (b) regulatory pressure on firms. However, other factors—such as the nature of intra-industry competition—also affect how well the current regime works in specific sectors. Our findings have implications for public administration on civilian cybersecurity, as well as ramifications for regulation in other policy domains.
PY - 2021
T2 - Wiley
TI - An Improvised Patchwork: Success and Failure in Cybersecurity Policy for Critical Infrastructure
UR - https://onlinelibrary.wiley.com/doi/full/10.1111/puar.13322?casa_token=wTHZUd5IdvwAAAAA%3AAHjqZFyaGimFOJlGEhkUyNGffd8KBjXjJyjbIxcBLicOH-7Xg_FWPiToZk-iBxbJbaKmORr9AjtJs8JR
SN - 0033-3352
ER -