Despite its centrality in the national cyber security strategies of the US and the UK, the public-private partnership is a nebulous arrangement, which is especially problematic in the context of critical infrastructure protection. Privately owned and operated critical infrastructure that is regarded as a potential national security vulnerability raises questions about the allocation of responsibility and accountability in terms of cyber security. As with many aspects of cyber security, this issue is often discussed with little reference to previous scholarship that could provide conceptual scaffolding. This article draws on the extensive literature on public-private partnerships in order to assess the tensions and challenges of this arrangement in national cyber-security strategies. It finds that there is a serious disjuncture in expectations from both 'partners'. The government regards privately owned and operated critical infrastructure as a key element of national security but is reluctant to claim a mandate to oversee network security. At the same time, the private sector is not inclined to accept responsibility or liability for national cyber security. This challenge for governments to manage national cyber security raises questions about how well equipped these states are to promote their own security in the information age. Acknowledging the flaws in the 'partnership' is an essential step towards addressing them. (International Affairs (Oxford) / SWP)
The multi-stakeholder model of global Internet governance has emerged as the dominant approach to navigating the complex set of interests, agendas and implications of our increasing dependence on this technology. Protecting this model of global governance in this context has been referred to by the US and EU as 'essential' to the future of the Internet. Bringing together actors from the private sector, the public sector and also civil society, multi-stakeholder Internet governance is not only regarded by many as the best way to organise around this particular issue, it is also held up as a potential template for the management of other 'post-state' issues. However, as a consequence of its normative aspirations to representation and power sharing, the multi-stakeholder approach to global Internet governance has received little critical attention. This paper examines the issues of legitimacy and accountability with regard to the 'rule-makers' and 'rule-takers' in this model and finds that it can also function as a mechanism for the reinforcement of existing power dynamics.
The implementation of the Internet of Things (IoT) is central to what the World Economic Forum has coined the 'Fourth Industrial Revolution'; a technological revolution built upon cyber-physical systems that will blur the lines between the physical, digital and biological spheres. Novel interconnections will emerge as a result, challenging traditional relations and modes of governance. However, a central feature of the IoT is that the implications of cyber (in)security are no longer abstract. The IoT also returns us to the world of kinetic effects in international relations; more familiar territory for IR. The resulting cooperation and coordination challenges are transboundary in nature, occur at multiple levels across sectors, between institutions, and will impact all actors, both public and private, in complex, often highly politicised ways. In this article we argue that advances in global climate governance appear to be offering an early model of a consensual rules-based approach within the existing international order that provides space for advancing agility, flexibility, and polycentrism to meet the demands of 'wicked problems' like the cybersecurity of the IoT. Perhaps one of the most important lessons to be drawn across from climate governance is the role of robust mechanisms for knowledge exchange – specifically between the technical and policy communities.
AbstractOngoing efforts by state actors to collaborate on addressing the challenges of global cybersecurity have been slow to yield results. Technical expert communities such as Computer Security and Incident Response Teams (CSIRTs) have played a fundamental role in maintaining the Internet's functional structure through transnational collaboration. Responsible for security incident management and located in diverse constituencies, these coordination centres engage in joint responses and solve day‐to‐day cybersecurity problems through diverse national, regional and international networks. This article argues that CSIRTs form an epistemic community that engages in science diplomacy, at times navigating geopolitical tensions in a way that political actors are not able to. Through interviews with CSIRT representatives, we explain how their collaborative actions, rooted in shared technical knowledge, norms and best practices, contribute to the advancement of international cooperation on cybersecurity.
In: Tanczer, L. M., Brass, I., Elsden, M., Carr, M., & Blackstock, J. (2019). The United Kingdom's Emerging Internet of Things (IoT) Policy Landscape. In R. Ellis & V. Mohan (Eds.), Rewired: Cybersecurity Governance (pp. 37–56). Hoboken, New Jersey: Wiley.
Tom Pegram and Michele Acuto, Introduction: Global Governance in the Interregnum 584. - Matthias Hofferberth, Mapping the Meanings of Global Governance: A Conceptual Reconstruction of a Floating Signifier 598. - Tom Pegram, Governing Relationships: The New Architecture in Global Human Rights Governance 618. - Madeline Carr, Power Plays in Global Internet Governance 640. - Maximilian Mayer and Michele Acuto, The Global Governance of Large Technical Systems 660. - Philipp Pattberg and Oscar Widerberg, Theorising Global Environmental Governance: Key Findings and Future Questions 684