Crime, Law and Social Change

, Volume 67, Issue 3, pp 265–288 | Cite as

A typology of cybersecurity and public-private partnerships in the context of the EU

  • Raphael BossongEmail author
  • Ben Wagner


Current discussions on security on the Internet mostly revolve around the necessity and limits of public action in the face of a decentralised and privately owned or operated space [1, 2]. Unsurprisingly, the question of public authority particularly comes to the fore in matters of security. The original vision of an entirely self-regulated as well as resilient, decentralised Internet has come under severe stress due to structural vulnerabilities beyond the reach of any individual actor [3]. These vulnerabilities are increasingly exploited by a growing number of harmful actors, which are also increasingly putting their services and malware products on sale and wide access. This calls for more multi-faced and coordinated governance approaches to improve security on the Internet that is typically termed ‘cybersecurity’ [4].1 In short, to provide cybersecurity public and private actors clearly need to engage with each other [5]. This is reflected in a growing number of...


Corporate Social Responsibility Public Authority Public Actor Private Actor Public Private Partnership 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Eriksson, J., & Giacomello, G. (2009). Who controls the internet? Beyond the obstinacy or obsolescence of the State. International Studies Review, 11(1), 205–230.CrossRefGoogle Scholar
  2. 2.
    Radu, Roxana, Jean-Marie Chenou, and Rolf H Weber. 2014. The evolution of global internet governance: principles and policies in the making. Vol. 56: Springer Science & Business Media.Google Scholar
  3. 3.
    Mueller, M., Schmidt, A., & Kuerbis, B. (2013). Internet security and networked governance in international relations. International Studies Review, 15(1), 86–104.CrossRefGoogle Scholar
  4. 4.
    Von Solms Rossouw, and Johan Van Niekerk. 2013. "From information security to cyber security." Computers & Security 38:97–102.Google Scholar
  5. 5.
    Tropina, Tatiana. 2015. "Public–Private Collaboration: Cybercrime, Cybersecurity and National Security." In Self-and Co-regulation in Cybercrime, Cybersecurity and National Security, 1–41. Springer.Google Scholar
  6. 6.
    Min, K.-S., Chai, S.-W., & Han, M. (2015). An International Comparative Study on Cyber Security Strategy. International Journal of Security and Its Applications, 9(2), 13–20.CrossRefGoogle Scholar
  7. 7.
    Carr, M. (2016). Public–private partnerships in national cyber-security strategies. International Affairs, 92(1), 43–62.CrossRefGoogle Scholar
  8. 8.
    Dunn-Cavelty, M., & Suter, M. (2009). Public–Private Partnerships are no silver bullet: An expanded governance model for Critical Infrastructure Protection. International Journal of Critical Infrastructure Protection, 2(4), 179–187.CrossRefGoogle Scholar
  9. 9.
    van Dijck, J. (2014). Datafication, dataism and dataveillance: Big Data between scientific paradigm and ideology. Surveillance & Society, 12(2), 197–208.Google Scholar
  10. 10.
    Bevir, M. (2014). The Rise of Security Governance. In M. Bevir, O. Daddow, & I. Hall (Eds.), Interpreting Global Security, (pp. 17–34). London: Routledge.Google Scholar
  11. 11.
    Hameiri, Shahar, and Lee Jones. 2015. Governing Borderless Threats: Non-traditional Security and the Politics of State Transformation: Cambridge University Press.CrossRefGoogle Scholar
  12. 12.
    Nance, M., & Cottrell, P. (2014). A turn toward experimentalism? Rethinking security and governance in the twenty-first century. Review of International Studies, 40(02), 277–301. doi: 10.1017/S026021051300017X.CrossRefGoogle Scholar
  13. 13.
    Crawford, A. (2006). Networked governance and the post-regulatory state? Steering, rowing and anchoring the provision of policing and security. Theoretical Criminology, 10(4), 449–479.CrossRefGoogle Scholar
  14. 14.
    Ehrhart, H.-G., Hegemann, H., & Kahl, M. (2014). Putting security governance to the test: conceptual, empirical, and normative challenges. European Security, 23(2), 119–125.CrossRefGoogle Scholar
  15. 15.
    Kennedy, David. 2016. A World of Struggle: How Power, Law, and Expertise Shape Global Political Economy: Princeton University Press.Google Scholar
  16. 16.
    Christou, G., & Simpson, S. (2006). The Internet and public–private governance in the European Union. Journal of Public Policy, 26(01), 43–61.CrossRefGoogle Scholar
  17. 17.
    Procedda, M. (2014). Public-Private Partnerships: A soft approach to cybersecurity? Views from the European Union. In G. Giacomello (Ed.), Security in Cyberspace: Targeting Nations, Infrastructures, Individual. New York, London: Bloomsbury Academic.Google Scholar
  18. 18.
    Fahey, Elaine. 2014. "EU's Cybercrime and Cyber-Security Rulemaking: Mapping the Internal and External Dimensions of EU Security, The." Eur. J. Risk Reg.:46.Google Scholar
  19. 19.
    EU. 2013. "Joint Communication on the Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace " JOIN(2013) 1 final
  20. 20.
    European Commission (2015). The European Agenda on Security. COM, 2015, 185 . Google Scholar
  21. 21.
    Grimsey, Darrin, and Mervyn Lewis. 2007. Public private partnerships: The worldwide revolution in infrastructure provision and project finance: Edward Elgar Publishing.Google Scholar
  22. 22.
    Schneider, A. L. (1999). Public-private partnerships in the US prison system. American Behavioral Scientist, 43(1), 192–208.CrossRefGoogle Scholar
  23. 23.
    Bovaird, T. (2004). Public–Private Partnerships: from Contested Concepts to Prevalent Practice. International Review of Administrative Sciences, 70(2), 199–215. doi: 10.1177/0020852304044250.CrossRefGoogle Scholar
  24. 24.
    Hodge, G. A., & Greve, C. (2007). Public–private partnerships: an international performance review. Public Administration Review, 67(3), 545–558.CrossRefGoogle Scholar
  25. 25.
    Reynaers, A.-M., & De Graaf, G. (2014). Public Values in Public–Private Partnerships. International Journal of Public Administration, 37(2), 120–128.CrossRefGoogle Scholar
  26. 26.
    Forrer, J., Kee, J. E., Newcomer, K. E., & Boyer, E. (2010). Public–private partnerships and the public accountability question. Public Administration Review, 70(3), 475–484.CrossRefGoogle Scholar
  27. 27.
    Willems, T., & Van Dooren, W. (2011). Lost in diffusion? How collaborative arrangements lead to an accountability paradox. International Review of Administrative Sciences, 77(3), 505–530.CrossRefGoogle Scholar
  28. 28.
    Hodge, Graeme A, and Carsten Greve. 2005. The challenge of public-private partnerships: Learning from international experience: Edward Elgar Publishing.Google Scholar
  29. 29.
    European Commission. 2004. "Green paper on public-private partnerships and community law on public contracts and concessions." COM (2004) 327 final.Google Scholar
  30. 30.
    United Nations Economic Commission for Europe. 2008. "Guidebook on promoting good governance in public private partnerships." ECE/CECI/4.Google Scholar
  31. 31.
    Van, d. H., Martijn, L. B., Lember, V., Petersen, O. H., & Witz, P. (2015). National varieties of Public–Private Partnerships (PPPs): A comparative analysis of PPP-supporting units in 19 European countries (pp. 1–20). Research and Practice: Journal of Comparative Policy Analysis.Google Scholar
  32. 32.
    Roumboutsos, Athena. 2015. Public Private Partnerships in Transport: Trends and Theory: Routledge.Google Scholar
  33. 33.
    Linder, S. H. (1999). Coming to terms with the public-private partnership a grammar of multiple meanings. American Behavioral Scientist, 43(1), 35–51.CrossRefGoogle Scholar
  34. 34.
    Bovis, C. H. (2015). Risk in Public-Private Partnerships and Critical Infrastructure. European Journal of Risk Regulation, 6(2).Google Scholar
  35. 35.
    Hans, V. D., Sarmento, J. M., & Renneboog, L. (2016). Anatomy of public-private partnerships: their creation, financing and renegotiations. International Journal of Managing Projects in Business, 9(1), 94–122.CrossRefGoogle Scholar
  36. 36.
    Van, D. H., Martijn, & Verhoest, K. (2016). The challenge of using standard contracts in public–private partnerships. Public Management Review, 18(2), 278–299.CrossRefGoogle Scholar
  37. 37.
    Brinkerhoff, D. W., & Brinkerhoff, J. M. (2011). Public–private partnerships: perspectives on purposes, publicness, and good governance. Public Administration and Development, 31(1), 2–14.CrossRefGoogle Scholar
  38. 38.
    Bovis, Christopher. 2013. Public-private Partnerships in the European Union: Routledge.Google Scholar
  39. 39.
    Gómez-Barroso, J. L., & Feijóo, C. (2010). A conceptual framework for public-private interplay in the telecommunications sector. Telecommunications Policy, 34(9), 487–495.CrossRefGoogle Scholar
  40. 40.
    Braman, S. (2011). The Framing Years: Policy Fundamentals in the Internet Design Process, 1969–1979. The Information Society, 27, 295–310.CrossRefGoogle Scholar
  41. 41.
    Townes, M. (2012). The spread of TCP/IP: How the Internet became the Internet. Millennium-Journal of International Studies, 41(1), 43–64.CrossRefGoogle Scholar
  42. 42.
    LaRose, R., Bauer, J. M., DeMaagd, K., Chew, H. E., Ma, W., & Jung, Y. (2014). Public broadband investment priorities in the United States: an analysis of the broadband technology opportunities program. Government Information Quarterly, 31(1), 53–64. doi: 10.1016/j.giq.2012.11.004.CrossRefGoogle Scholar
  43. 43.
    Narayanan, A., Jain, A., & Bowonder, B. (2005). Providing rural connectivity infrastructure: ICT diffusion through private sector participation. International Journal of Services, Technology and Management, 6(3–5), 416–436.CrossRefGoogle Scholar
  44. 44.
  45. 45.
    Héritier, A. (2001). Market integration and social cohesion: the politics of public services in European regulation. Journal of European Public Policy, 8(5), 825–852. doi: 10.1080/13501760110083536.CrossRefGoogle Scholar
  46. 46.
    Graz, Jean-Christophe, and Andreas Nölke. 2007. Transnational private governance and its limits: Routledge.Google Scholar
  47. 47.
    Harcourt, A. (2013). Participatory Gains and Policy Effectiveness: The Open Method of Co-ordination Information Society. JCMS: Journal of Common Market Studies, 51(4), 667–683. doi: 10.1111/jcms.12022.Google Scholar
  48. 48.
    Börzel, T. (2010). European governance: negotiation and competition in the shadow of hierarchy. JCMS: Journal of Common Market Studies, 48(2), 191–219.Google Scholar
  49. 49.
    Wagner, B. (2014). The politics of internet filtering: The United Kingdom and Germany in a comparative perspective. Politics, 34(1), 58–71.CrossRefGoogle Scholar
  50. 50.
    Wiater, P. (2015). On the notion of" Partnership" in Critical Infrastructure Protection. European Journal of Risk Regulation, 6(2), 255–262.CrossRefGoogle Scholar
  51. 51.
    Bauer, J. M. (2010). Changing roles of the state in telecommunications. International Telecommunications Policy Review, 17(1).Google Scholar
  52. 52.
    European Commission. 2013. "Proposal for a directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union." COM(2013) 48 final
  53. 53.
    Marsden, Christopher T. 2011. Internet co-regulation: European law, regulatory governance and legitimacy in cyberspace: Cambridge University Press.Google Scholar
  54. 54.
    Tropina, T., & Callanan, C. (2015). Self-and Co-regulation in Cybercrime, Cybersecurity and National Security. Heidelberg: Springer.CrossRefGoogle Scholar
  55. 55.
    Bendiek, A., & Porter, A. L. (2013). European Cyber Security Policy within a Global Multistakeholder Structure. European Foreign Affairs Review, 18(2), 155–180.Google Scholar
  56. 56.
    Carr, M. (2015). Power Plays in Global Internet Governance. Millennium - Journal of International Studies, 43(2), 640–659. doi: 10.1177/0305829814562655.CrossRefGoogle Scholar
  57. 57.
    Chenou, J.-M. (2014). From Cyber-Libertarianism to Neoliberalism: Internet Exceptionalism, Multi-stakeholderism, and the Institutionalisation of Internet Governance in the 1990s. Globalizations, 11(2), 205–223.CrossRefGoogle Scholar
  58. 58.
    Cavelty, D., & Myriam (2013). From Cyber-Bombs to Political Fallout: Threat Representations with an Impact in the Cyber-Security Discourse. International Studies Review, 15(1), 105–122.CrossRefGoogle Scholar
  59. 59.
    Hansen, L., & Nissenbaum, H. (2009). Digital disaster, cyber security, and the Copenhagen School. International Studies Quarterly, 53(4), 1155–1175.CrossRefGoogle Scholar
  60. 60.
    Wagner, Ben. forthcoming. "Constructed "Cyber" Realities & International Relations Theory. ." In Technology and International Relations Theory, edited by R Marlin-Bennett and J. P. Singh. Cambridge: CUP.Google Scholar
  61. 61.
    Schmidt, A. (2014). Open Security. Contributions of Networked Approaches to the Challenge of Democratic Internet Security Governance. In R. Radu, J.-M. Chenou, & R. H. Weber (Eds.), The Evolution of Global Internet Governance (pp. 169–187). Berlin Heidelberg: Springer.CrossRefGoogle Scholar
  62. 62.
    Choucri, N., & Clark, D. D. (2012). Integrating Cyberspace and International Relations: The Co-Evolution Dilemma. In Explorations in Cyber-International Relations: Who Controls Cyberspace? Cambridge, MA: MIT.Google Scholar
  63. 63.
    DeNardis, L. (2012). Hidden levers of Internet control: An infrastructure-based theory of Internet governance. Information, Communication & Society, 15(5), 720–738.CrossRefGoogle Scholar
  64. 64.
    Mathew, Ashwin Jacob. 2014. Where in the World is the Internet? Locating Political Power in Internet Infrastructure. University of California, Berkeley.
  65. 65.
    DeNardis, Laura. 2014. The global war for internet governance: Yale University Press.Google Scholar
  66. 66.
    Ruiz, Jeanette B, and George A Barnett. 2014. "Who owns the international Internet networks?" Journal of International Communication 21 (1):38–57.Google Scholar
  67. 67.
    Anderson, R., & Moore, T. (2006). The economics of information security. Science, 314(5799), 610–613.CrossRefGoogle Scholar
  68. 68.
    August, T., & Tunca, T. I. (2011). Who should be responsible for software security? A comparative analysis of liability policies in network environments. Management Science, 57(5), 934–959.CrossRefGoogle Scholar
  69. 69.
    Brown, Ian, and Christopher T Marsden. 2013. Regulating code: Good governance and better regulation in the Information Age: MIT Press.Google Scholar
  70. 70.
    Edwards, Benjamin, Michael Locasto, and Jeremy Epstein. 2014. "Panel Summary: The Future of Software Regulation." Proceedings of the 2014 workshop on New Security Paradigms Workshop,
  71. 71.
    Kleinschmidt, Broder. 2010. "An International Comparison of ISP's Liabilities for Unlawful Third Party Content." International Journal of Law and Information Technology:eaq009.Google Scholar
  72. 72.
    Rowe, Brent, and Dallas Wood. 2013. "Are Home Internet Users Willing to Pay ISPs for Improvements in Cyber Security?" In Economics of Information Security and Privacy III, 193–212. Springer.Google Scholar
  73. 73.
    Usman, S. H. (2013). A review of responsibilities of internet service providers towards their customer network security. Journal of Theoretical and Applied Information Technology, 49(1), 70–78.Google Scholar
  74. 74.
    Van Eijk Nico. 2013. "Duties of care on the Internet." In The Secure Information Society, 57–81. Springer.Google Scholar
  75. 75.
    Clark, David, Thomas Berson, and Herbert S Lin. 2014. At the Nexus of Cybersecurity and Public Policy:: Some Basic Concepts and Issues: National Academies Press.Google Scholar
  76. 76.
    Cohen-Almagor, R. (2015). Internet architecture, freedom of expression and social responsibility: critical realism and proposals for a better future. Innovation: The European Journal of Social Science Research, 28(2), 147–166.Google Scholar
  77. 77.
    Horten, Monica. 2015. "The Policy Challenge of Content Restrictions: How Private Actors Engage the Duties of States." Media@LSE Working Paper 34 (
  78. 78.
    Parti, K., & Marin, L. (2013). Ensuring freedoms and protecting rights in the governance of the Internet: a comparative analysis of blocking measures of illegal Internet content and the liability of ISPs. Journal of Contemporary European Research, 9(1), 138–159.Google Scholar
  79. 79.
    August, T., August, R., & Shin, H. (2014). Designing user incentives for cybersecurity. Communications of the ACM, 57(11), 43–46.CrossRefGoogle Scholar
  80. 80.
    Camp, L. J. (2011). Reconceptualizing the role of security user. Daedalus, 140(4), 93–107.CrossRefGoogle Scholar
  81. 81.
    Hare, Forest. 2010. "The interdependent nature of national cyber security: motivating public action for a private good." PhD, George Mason University ( Scholar
  82. 82.
    Kaijankoski, Eric A. 2015. Cybersecurity Information Sharing Between Public Private Sector Agencies. DTIC Document.
  83. 83.
    Suter, M. (2007). Improving information security in companies: How to meet the need for threat information. In M. D. Cavelty, V. Mauer, & S. F. Krishna-Hensel (Eds.), Power and Security in the Information Age: Investigating the Role of the State in Cyberspace, Aldershot: Ashgate (pp. 129–150). Aldershot: Ashgate.Google Scholar
  84. 84.
    Bauer, J. M., JG, M., & Eeten, V. (2009). Cybersecurity: Stakeholder incentives, externalities, and policy options. Telecommunications Policy, 33(10), 706–719.CrossRefGoogle Scholar
  85. 85.
    Dourado, E., & Castillo, A. (2015). "Information Sharing”: No panacea for American cybersecurity challenges. Mercatus Center Policy Paper: George Mason University Scholar
  86. 86.
    Nolan, A. (2015). Cybersecurity and Information Sharing: Legal Challenges and Solutions. Congressional Research Service, 7–5700
  87. 87.
    Kesan, J. P., & Hayes, C. M. (2015). Creating a “Circle of Trust” to Further Digital Privacy and Cybersecurity Goals. Michigan State Law Review, 2014(5), 1475.Google Scholar
  88. 88.
    Rosenzweig, Paul. 2011. Cybersecurity and Public goods. The Public/Private “Partnership”. In Emerging Threats in National Security and Law, edited by Peter Berkowitz. Stanford: Hoover institution, Stanford University.Google Scholar
  89. 89.
    Prince, Daniel, and Nick King. 2013. "Small business cyber security workshop 2013: towards digitally secure business growth."
  90. 90.
    Lagazio, M., Sherif, N., & Cushman, M. (2014). A multi-level approach to understanding the impact of cyber crime on the financial sector. Computers & Security, 45, 58–74.CrossRefGoogle Scholar
  91. 91.
    Brown, I., & Cowls, J. (2015). Check the web: assessing the ethics of politics of policing the internet for extremist material. Voxpol: Report Scholar
  92. 92.
    European Union (2013). Regulation (EU) No 526/2013 of the European Parliament and of the Council of 21 May 2013 concerning the European Union Agency for Network and Information Security (ENISA) and repealing Regulation (EC) No 460/2004 Text with EEA relevance. OJ L, 165, 41–58.Google Scholar
  93. 93.
  94. 94.
    Commission of the European Communities. 2009. Communication from the Commission..on Critical Information Infrastructure Protection. "Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience". COM(2009) 149 final.Google Scholar
  95. 95.
    Irion, K. (2013). The Governance of Network and Information Security in the European Union: The European Public-Private Partnership for Resilience (EP3R). In J. Krüger, B. Nickolay, & S. Gaycken (Eds.), The Secure Information Society (pp. 83–116). London: Springer.CrossRefGoogle Scholar
  96. 96.
  97. 97.
    Morgus, Robert, Isabel Skierka, Mirko Hohmann, and Tim Maurer. 2015. "National CSIRTs and Their Role in Computer Security Incident."Google Scholar
  98. 98.
    RAND Europe. 2012. "Feasibility Study for a European Cybercrime Centre."
  99. 99.
    Reitano, T., Oerting, T., & Hunter, M. (2015). Innovations in International Cooperation to Counter Cybercrime: The Joint Cybercrime Action Taskforce. The European Review of Organised Crime, 2(2), 142–154.Google Scholar
  100. 100.
    General Secretariat of the Council. 2015. "Friends of the Presidency Group on Cyber Issues." 15059/15.Google Scholar
  101. 101.
    Council of the European Union. 2015. "EU Internet Referral Unit at Europol - Concept note." 7266/15.Google Scholar
  102. 102.
    European Commission. 2012. "Internet Policy and Governance Europe's role in shaping the future of Internet Governance." COM/2014/072 final Google Scholar
  103. 103.
    Wagner, Ben, Kirsten Gollatz, and Andrea Calderaro. 2014. "Internet & Human Rights in Foreign Policy: comparing narratives in the US and EU Internet Governance agenda." Robert Schuman Centre for Advanced Studies Research Paper No. RSCAS 86.Google Scholar
  104. 104.
    Walker, C., & Conway, M. (2015). Online terrorism and online laws. Dynamics of Asymmetric Conflict, 8(2), 156–175. doi: 10.1080/17467586.2015.1065078.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media Dordrecht 2016

Authors and Affiliations

  1. 1.German Institute for International and Security AffairsBerlinGermany
  2. 2.Europe University ViadrinaFrankfurtGermany

Personalised recommendations