Abstract
This chapter analyses the theoretical and practical implications of different forms of self- and co-regulation in the field of cybersecurity. In the past decade, approaches to cybersecurity and critical information infrastructure protection have been based on the need for public–private collaboration, multifaceted strategies and recognition of the significant role that industry plays in securing information networks. However, with the rise of cybersecurity to the top of the policy agenda, many governments and academics are concerned that the private sector may fail to deliver an acceptable level of security in information networks without governmental intervention. This shift has led to proposals to legislate cybersecurity in the form of mandatory reporting of security incidents and obligations to share information, security standards and compliance procedures. One such proposal is currently being discussed as the EU NIS directive. These developments raise many concerns about shifting the balance in cybersecurity from bottom-up voluntary approaches and collaboration to heavier regulation. This chapter argues that this turn can have negative consequences and that the best way to provide cybersecurity is to develop the existing channels for collaboration and to build trust between industry and governments.
Notes
1. The full text of the indictment can be accessed on the website of the US Department of Justice: http://www.justice.gov/iso/opa/resources/5122014519132358461949.pdf.
2. The full text of the resolution is available at: http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P7-TA-2014-0230.
3. The excerpt from the article “A Relationship on the Rocks: Industry-Government Partnership for Cyber Defense”, written by Larry Clinton and published in the Journal of Strategic Security 4, no. 2 (2011): 97–112, is quoted with the kind permission of the Journal of Strategic Security.
4. See Amendment 132, European Parliament legislative resolution of 13 March 2014 on the proposal for a directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union [COM(2013)0048—C7-0035/2013—2013/0027(COD)].
5. The text of the amendment proposed by the European Council: Art. 3(8) “operator” means a public or private entity referred to in Annex II, which provides an essential service in the fields of infrastructure enabling the provision of information society services, energy, transport, banking, financial markets, health and water supply and which fulfils all of the following criteria:
   - the service depends heavily on network and information systems;
   - an incident to the network and information systems of the service having serious disruptive effects for critical social and economic activities [and/]or having [serious] public safety implications.

   “Each Member State shall identify on its territory entities, which meet the above definition of operator.” Council of the European Union [72].
6. The translation of the German IT security Draft law is cited from Kuschewsky [73].
7. E.g. Protecting Cyberspace as a National Asset Act of 2010, Cybersecurity Act of 2010, Cybersecurity Act of 2012; for more information see [75].
8. Presidential Executive Order 2013 and a Cybersecurity Framework 2014 issued by the National Institute for Standards and Technology.
References
Nye J (2010) Cyberpower. Belfer center for science and international affairs, Harvard Kennedy School, May 2010 [Online]. Available at: http://belfercenter.ksg.harvard.edu/files/cyber-power.pdf
Barrett et al (2011) Combating cybercrime. Principles, Policies, and Programs. April 2011, PayPal [Online]. Available at: https://www.paypal-media.com/assets/pdf/fact_sheet/PayPal_CombatingCybercrime_WP_0411_v4.pdf
Finklea K, Theohary C (2013) Cybercrime: conceptual issues for congress and U.S. law enforcement [Online]. Available at: https://www.fas.org/sgp/crs/misc/R42547.pdf
Hathaway O et al (2012) The law of cyber-attack. California Law Rev 100(4), 2012; Yale Law and economics research paper no. 453; Yale Law School, public law working paper no. 258. Available at SSRN: http://ssrn.com/abstract=2134932
Cornish P et al (2010) On cyber warfare. A chatham house report. November 2010 [Online]. Available at: https://www.chathamhouse.org/sites/files/chathamhouse/public/Research/International%20Security/r1110_cyberwarfare.pdf
Bambauer D (2011) Conundrum. Minn Law Rev 96:584. [Online]. Available at SSRN: http://ssrn.com/abstract=1807076
Tiirmaa-Klaar H (2013) Botnets, cybercrime and national security. In: Tiirmaa-Klaar et al. (2013) Botnets. SpringerBriefs in Cybersecurity Vol VIII, 2013
Watney M (2012) The way forward in addressing cybercrime regulation on a global level. J Int Technol Secured Trans (JITST) 1(1/2)
UNODC (2013) Comprehensive study on cybercrime. Draft—February 2013. UNODC Vienna
Brenner S (2007) At light speed: attribution and response to cybercrime/terrorism/warfare. J Crim L Criminol 97:379. [Online]. Available at SSRN: http://ssrn.com/abstract=1008542
Bendiek A (2012) European cyber security policy. SWP research paper, Stiftung Wissenschaft und Politik German Institute for international and security affairs, RP 13 October 2012 Berlin
Bradley T (2012) When is a cybercrime an act of cyberwar? PC World [Online]. Available at: http://www.pcworld.com/article/250308/when_is_a_cybercrime_an_act_of_cyberwar_.html
Maurer T (2011) Cyber norm emergence at the United Nations—An analysis of the activities at the UN regarding Cyber-security. [Online]. Available at: http://belfercenter.ksg.harvard.edu/files/maurer-cyber-norm-dp-2011-11-final.pdf
Jang YJ, Lim BY (2013) Harmonization among national cyber security and cybercrime response organizations: new challenges of cybercrime [Online]. Available at: Cornell University Library http://arxiv.org/abs/1308.2362
Office of the National Counterintelligence Executive (2011) Foreign spies stealing U.S. economic secrets in cyberspace: report to congress on foreign economic collection and industrial espionage, 2009–2011
Klimburg A (ed) (2012) National cyber security framework manual, NATO CCD COE Publication, Tallinn
e Silva K (2013) Europe’s fragmented approach towards cyber security. Int Policy Rev 2(4)
Center for Democracy and Technology (2013) Unpacking “cybersecurity”: threats, responses, and human rights considerations, 26 June 2013 [Online]. Available at: https://cdt.org/insight/unpacking-cybersecurity-threats-responses-and-human-rights-considerations/
OECD (2012) Cybersecurity policy making at a turning point: analysing a new generation of national cybersecurity strategies for the internet economy. OECD Publishing
Brosseau E (2002) Internet regulation: does self-regulation require an institutional framework. In: DRUID summer conference on “industrial dynamics of the new and old economy—who is embracing whom?” Copenhagen/Elsinore
Lovet G (2009) Fighting cybercrime: technical, juridical and ethical challenges. Virus bulletin conference September 2009. [Online]. Available at: http://www.fortiguard.com/sites/default/files/VB2009FightingCybercrime-Technical,Juridical and Ethical Challenges.pdf
Vogel J (2007) Towards a global convention against cybercrime. World conference on penal law, Guadalajara, Mexico [Online]. Available at: http://www.penal.org/IMG/Guadalajara-Vogel.pdf
Marsden C, Simmons S, Cave J (2006) Options for an effectiveness of internet self- and co-regulation. Phase 1 report: Mapping existing co- and self-regulatory institutions on the internet, RAND Europe [Online]. Available at: http://ec.europa.eu/dgs/information society/evaluation/data/pdf/studies/s2006 05/phase1.pdf
Sahel J (2006) A new policy-making paradigm for the information society. TPRC conference, 2006 [Online]. Available at: http://web.si.umich.edu/tprc/papers/2006/635/NewParadigmInfoSociety.pdf
Sieber U (2008) Mastering complexity in the global cyberspace: the harmonization of computer-related criminal law. In: Collection de L’UMR de Droit Compare de Paris, Bd. 15. Paris, Societe de legislation compare, pp 127–202
Alderson D, Soo Hoo K (2004) The role of economic incentives in securing cyberspace. Center for International Security and Cooperation, Stanford [Online]. Available at: http://cisac.fsi.stanford.edu/publications/role_of_economic_incentives_in_securing_cyberspace_the
Lewis J (2005) Aux armes, citoyens: cyber security and regulation in the United States. 29 Telecomm Policy 11 (2005)
Cornish P (2011) The vulnerabilities of developed states to economic cyber warfare. Working paper [Online]. Available at: http://www.chathamhouse.org/sites/default/files/0611wp_cornish.pdf
COE (2011) Global project on cybercrime, phase 2, summary [Online]. Available at: http://www.coe.int/t/dghl/cooperation/economiccrime/cybercrime/cyoctopusinterface2011/2079%20adm%20pro%20summary%2026%20Sep%202011.pdf
Brown A, Snower D (eds) (2011) global economic solutions 2010/2011. In: Proposals from the global economic symposium. Kiel, Germany; Kiel Institute for the World Economy. [Online]. Available at: http://www.syngentafoundation.org/__temp/Global_Economic_Solutions_2010-11.pdf
OECD (2011) The role of internet intermediaries in advancing public policy objectives. OECD Publishing
Irion K (2013) The governance of network and information security in the European Union: The European public–private partnership for resilience (EP3R) In: Gaycken S, Krueger J, Nickolay B (eds), The secure information society, Springer, Berlin 2013, p 83–116
Cook D (2010) Mitigating cyber-threats through public–private partnerships: low cost governance with high-impact returns. In: Proceedings of the 1st international cyber resilience conference, Edith Cowan University, Perth, Western Australia, 23 August 2010
Dupont B (2013) Cybersecurity futures: how can we regulate emergent risks? Technol Innovation Manage Rev July 2013, [Online]. Available at: www.timreview.ca
Malmström C (2012) Public–private cooperation in the fight against cybercrime. EU cybersecurity and digital crimes forum, Brussels, 31 May 2012. [Online]. Available at: http://europa.eu/rapid/press-release_SPEECH-12-409_en.htm?locale=en
Gercke M, Tropina T, Lozanova Y, Sund C (2011) The role of ICT regulation in addressing offences in cyberspace. In: Trends in telecommunication reform November 2010. Enabling Tomorrow’s Digital World. ITU (2011)
Robinson N et al (2013) Data and security breaches and cyber-security strategies in the EU and its international counterparts. European Parliament, IP/A/ITRE/NT/2013-5 September 2013, PE 507.476
Schmidt A (2014) Open security. Contributions of networked approaches to the challenge of democratic internet security governance. In: Radu R, Chenou J-M, Weber R (eds) The evolution of global internet governance. Springer Berlin (2014)
Czosseck C, Ottis R, Ziolkowski K (eds) (2012) Conceptual framework for cyber defense information sharing within trust relationships. In: 2012 4th international conference on cyber conflict. 2012 NATO CCD COE Publications
The World Bank Group (n.d.) Global ICT department. Cybersecurity: a new model for protecting the network. [Online]. Available at: http://siteresources.worldbank.org/EXTINFORMATIONANDCOMMUNICATIONANDTECHNOLOGIES/Resources/CyberSecurity.pdf
Bruce R et al (2005) TNO report. International policy framework for protecting critical information infrastructure: a discussion paper outlining key policy issues, [Online]. Available at: http://www.ists.dartmouth.edu/library/158.pdf
Tropina T (2014) Fighting money laundering in the age of online banking, virtual currencies and internet gambling. ERA Forum 15(1):69–84
Fafinski S, Dutton W, Margetts H (2010) Mapping and measuring cybercrime. OII forum discussion paper no 18. [Online]. Available at: http://www.law.leeds.ac.uk/assets/files/staff/FD18.pdf
Coyne C, Leeson P (2005) Who’s to protect cyberspace. J Law Econ Poly 1:473
ACMA (2011) Optimal conditions for effective self- and co-regulatory arrangements. Occasional paper. [Online]. Available at: http://www.acma.gov.au/webwr/_assets/main/lib311886/self-_and_co-regulatory_arrangements.pdf
Senden L (2005) Soft law, self-regulation and co-regulation in European law: where do they meet? Electron J Comp Law 9(1)
Bartle, I, Vass P (2007) Self-regulation and the regulatory state: a survey of policy and practice. Publ Adm 85(4):885
Koops B (2010) Cybercrime legislation in the Netherlands. Electron J Comp Law 14.3 (December 2010), [Online]. Available at: http://www.ejcl.org
Cannataci J, Bonnici J (2002) Can self-regulation satisfy the transnational requisite of successful internet regulation? In: 17th BILETA annual conference, Free University, Amsterdam, 5–6 April 2002. [Online]. Available at: www.bileta.ac.uk/02papers/cannataci.htm
Clinton L (n/d) Cross cutting issue #2 how can we create public private partnerships that extend to action plans that work? (undated) Int Secur Alliance. [Online]. Available at: http://www.whitehouse.gov/cyberreview/documents/
Brunst P, Sieber U (2010) Cybercrime legislation in Germany. In: German national reports to the XVIII. International congress of comparative law, Mohr-Siebeck, Tubingen, pp 711–800
Akdeniz Y (2001) Internet content regulation. UK government and the control of internet content, computer law and security report 17(5)
Cisco (2010) Annual security report highlighting global security threats and trends [Online]. Available at: http://www.cisco.com/en/US/prod/collateral/vpndevc/securityannualreport2010.pdf
Choo R (2009) The organised cybercrime threat landscape, international serious and organised crime conference 2010, [Online]. Available at: http://www.aic.gov.au/events/aic%20upcoming%20events/2010/_/media/conferences/2010-isoc/presentations/choo.pdf
Choo R, Smith R, Mccusker R (2007) Future directions in technology-enabled crime: 2007–09. In Res Publ Policy Ser 78:61–80
Seth K (2010) Evolving strategies for the enforcement of cyberlaws. High level consultation meeting for formulation of a national policy and action plan for enforcement of cyberlaw, New Delhi on 31 January 2010. [Online]. Available at: http://www.sethassociates.com/wp-content/uploads/Evolving-Strategies-for-the-Enforcement-of-Cyberlaws.pdf
Gotlieb R (2011) Cybercop fights organized internet crime [Online]. Available at: http://www.miller-mccune.com/legal-affairs/cybercop-fights-organized-internet-crime-27897/
Le Toquin J (n.d.) Public–private partnerships against cybercrime. [Online]. Available at: www.oecd.org/dataoecd/51/24/42534994.pdf
Thomas R (2012) Securing cyberspace through public–private partnership. A comparative analysis of partnership models May 2012 [Online]. Available at: http://csis.org/files/publication/130819_tech_summary.pdf
Devos S (2011) The google-NSA alliance: developing cybersecurity policy at internet speed. Fordham Intellect Prop Media Ent Law J 21(1). Article 5
Rosenzweig P (2011) Cybersecurity and public goods the public/private “partnership” [Online]. Available at: http://media.hoover.org/sites/default/files/documents/EmergingThreats_Rosenzweig.pdf
ENISA (2011) Fighting botnets: the need for global cooperation: building on EU good practices [Online]. Available at: http://www.enisa.europa.eu/activities/res/botnets/policy-statement
ENISA (2011) Cooperative models for effective public private partnerships good practice guide. Publications Office of the European Union, Luxembourg
Den Tekk K (2012) Netherlands bundles knowledge about cyber crime [Online]. Available at: http://www.rnw.nl/english/article/netherlands-bundles-knowledge-about-cyber-crime
NCSC (2012) The national cyber security centre (NCSC) bundles knowledge and expertise, News 02 January 2012 [Online]. Available from World Wide Web: https://www.ncsc.nl/english/current-topics/news/the-national-cyber-security-centre-ncsc-bundles-knowledge-and-expertise.html
Parliament of Australia (2010) Hackers, fraudsters and botnets: tackling the problem of cyber crime the report of the inquiry into cyber crime, Canberra
Assaf D (2008) Models of critical information infrastructure protection. Int J Crit Infrastruct Prot 1:6–14
Dunn-Cavelty M, Suter M (2009) Public–private partnerships are no silver bullet: an expanded governance model for critical infrastructure protection. In Int J Crit Infrastruct Prot 2(4)
Clinton L (2011) A relationship on the rocks: industry-government partnership for cyber defense. J Strateg Secur 4(2):97–112
Center for Democracy and Technology (2011) Improving our nation’s cybersecurity through the public–private partnership. A white paper. March 2011 [Online]. Available at: https://www.cdt.org/files/pdfs/20110308_cbyersec_paper.pdf
Information Technology Industry Council (2013) ITI position paper on the proposed “directive of the European parliament and of the council concerning measures to ensure a high common level of network and information security across the union” [Online]. Available at: http://www.itic.org/public-policy/cybersecurity?media=PRINT
Council of the European Union (2014) Note from presidency to delegations. Proposal for a directive of the European parliament and of the council concerning measures to ensure a high common level of network and information security across the union. Preparations for the 1st informal exploratory trialogue. Brussels, 3 October 2014. Interinstitutional File: 2013/0027 (COD), 13848/14 [Online]. Available at: http://www.statewatch.org/news/2014/oct/eu-council-NIS-prep-trilogue-13848-14.pdf
Kuschewsky M (2014) Germany. New cybersecurity law draft proposed by interior ministry. Bloomberg BNA, World data protection report 14(9), September 2014. [Online]. Available at: http://www.cov.com/files/Publication/c0b01d1b-805d-493e-90a7-f44949b7bd99/Presentation/PublicationAttachment/99bd8387-f560-4253-8189-8abbd5c19c63/New_Cybersecurity_Law_Draft_Proposed_by_Interior_Ministry.pdf
Gabel D, Wieczorek M, Bogusch M (2014) Germany’s draft bill on IT security. White and case technology newsflash. August 2014 [Online]. Available at: http://www.whitecase.com/articles/082014/germany-draft-bill-on-it-security/#.VKKJo6BtAMR
Jones Day (2013) The cybersecurity debate: voluntary versus mandatory cooperation between the private sector and the federal government. A review of attempts at cybersecurity legislation and the obama administration’s administrative actions. [Online]. Available at: http://www.jonesday.com/files/Publication/49c491ff-7f05-4932-9287-2c07a131e83d/Presentation/PublicationAttachment/216181fe-3cff-4535-9232-2c603c8bf48b/Cybersecurity%20Debate.pdf
Arthur C (2014) EU network and information security directive: is it possible to legislate for cyber security? Group briefing, October 2014. [Online]. Available at: http://www.arthurcox.com/wp-content/uploads/2014/10/Arthur-Cox-EU-Network-and-Information-Security-Directive-October-2014.pdf
EuroWire (2014) EU cyber security policy in the age of Snowden [Online]. Available at: http://www.bfna.org/sites/default/files/publications/EuroWire%20Jan%202014.pdf
Ahlert C, Marsden C, Yung C (n.d.) How ‘liberty’ disappeared from cyberspace: the mystery shopper tests internet content self-regulation [Online]. Available at: http://pcmlp.socleg.ox.ac.uk/sites/pcmlp.socleg.ox.ac.uk/files/liberty.pdf
Doelker A (2010) Self-regulation and co-regulation: prospects and boundaries in an online environment [Online]. Available at: http://circle.ubc.ca/handle/2429/27918
Buckland B, Schreier F, Winkler T (2010) DCAF HORIZON 2015 working paper no. 1. [Online]. Available at: http://dspace.africaportal.org/jspui/bitstream/123456789/29509/1/Democratic%20Governance%20Challenges%20of%20Cyber%20Security.pdf?1
Bigo D et al (2013) National programmes for mass surveillance of personal data in EU MS and their compatibility with EU law. Study Eur Parliament 2013
Shore M, Du Y, Zeadally S (2011) A public–private partnership model for national cybersecurity. Policy Int J 3(2):1
Lukasik SJ (2011) Protecting users from the cyber commons. Commun ACM 54(9):54–61
Van Eeten et al (2010) The role of internet service providers in botnet mitigation an empirical analysis based on spam data. [Online]. Available at: http://www.oecd.org/LongAbstract/0,3425,en_2649_33703_46396507_119684_1_1_1,00.html
UNICRI (2010) Handbook to assist the establishment of public–private partnerships to protect vulnerable targets. UNICRI Publisher
Copyright information
© 2015 The Author(s)
About this chapter
Cite this chapter
Tropina, T. (2015). Public–Private Collaboration: Cybercrime, Cybersecurity and National Security. In: Self- and Co-regulation in Cybercrime, Cybersecurity and National Security. SpringerBriefs in Cybersecurity. Springer, Cham. https://doi.org/10.1007/978-3-319-16447-2_1
DOI: https://doi.org/10.1007/978-3-319-16447-2_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-16446-5
Online ISBN: 978-3-319-16447-2
eBook Packages: Computer Science, Computer Science (R0)