An Improvised Patchwork: Success and Failure in Cybersecurity Policy for Critical Infrastructure
成果类型:
Article
署名作者:
Atkins, Sean; Lawson, Chappell
署名单位:
Massachusetts Institute of Technology (MIT); Massachusetts Institute of Technology (MIT)
刊物名称:
PUBLIC ADMINISTRATION REVIEW
ISSN/ISSBN:
0033-3352
DOI:
10.1111/puar.13322
发表日期:
2021
页码:
847-861
关键词:
regulatory capture
security
partnerships
performance
expertise
threats
HEALTH
摘要:
The last two decades have revealed the vulnerability of privately owned critical infrastructure-the power grid, pipelines, financial networks, and other vital systems-to cyberattack. The central U.S. response to this challenge has been a series of sectoral partnerships with private owner-operators of critical infrastructure, involving varying degrees of regulation. Qualitative analysis based on in-depth interviews with over 40 policymakers and senior private sector managers, as well as public documents, reveals considerable variation in how well this approach has worked in practice. The main predictors of policy success appear to be (a) the nature of the cyber threat to firms' operations and (b) regulatory pressure on firms. However, other factors-such as the nature of intra-industry competition-also affect how well the current regime works in specific sectors. Our findings have implications for public administration on civilian cybersecurity, as well as ramifications for regulation in other policy domains.