
Public–Private Collaboration: Cybercrime, Cybersecurity and National Security

Self- and Co-regulation in Cybercrime, Cybersecurity and National Security

Part of the book series: SpringerBriefs in Cybersecurity (BRIEFSCYBER)

Abstract

This chapter analyses the theoretical and practical implications of different forms of self- and co-regulation in the field of cybersecurity. In the past decade, approaches to cybersecurity and critical information infrastructure protection have been based on the notion that public–private collaboration and multifaceted strategies are necessary, and on recognition of the significant role that industry plays in securing information networks. However, with the rise of cybersecurity to the top of the policy agenda, many governments and academics are concerned that the private sector may fail to deliver an acceptable level of security in information networks without governmental intervention. This shift has led to proposals to legislate cybersecurity in the form of mandatory reporting of security incidents and obligations to share information, security standards and compliance procedures. One such proposal is currently being discussed as the EU NIS Directive. These developments raise many concerns about shifting the balance in cybersecurity from bottom-up voluntary approaches and collaboration to heavier regulation. This chapter argues that this turn can have negative consequences and that the best way to provide cybersecurity is to develop the existing channels for collaboration and to build trust between industry and governments.


Notes

  1. The full text of the indictment can be accessed on the website of the US Department of Justice: http://www.justice.gov/iso/opa/resources/5122014519132358461949.pdf.

  2. The full text of the resolution is available at: http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P7-TA-2014-0230.

  3. The excerpt from the article “A Relationship on the Rocks: Industry-Government Partnership for Cyber Defense”, written by Larry Clinton and published in the Journal of Strategic Security 4, no. 2 (2011): 97–112, is quoted with the kind permission of the Journal of Strategic Security.

  4. See Amendment 132, European Parliament legislative resolution of 13 March 2014 on the proposal for a directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union [COM(2013)0048—C7-0035/2013—2013/0027(COD)].

  5. The text of the amendment proposed by the European Council: Art. 3(8) “operator” means a public or private entity referred to in Annex II, which provides an essential service in the fields of infrastructure enabling the provision of information society services, energy, transport, banking, financial markets, health and water supply and which fulfils all of the following criteria:

    • the service depends heavily on network and information systems;

    • an incident to the network and information systems of the service having serious disruptive effects for critical social and economic activities [and/]or having [serious] public safety implications.

    “Each Member State shall identify on its territory entities, which meet the above definition of operator.” Council of the European Union [72].

  6. The translation of the German draft IT security law is cited from Kuschewsky [73].

  7. E.g. Protecting Cyberspace as a National Asset Act of 2010, Cybersecurity Act of 2010, Cybersecurity Act of 2012; for more information see [75].

  8. Presidential Executive Order 2013 and a Cybersecurity Framework 2014 issued by the National Institute for Standards and Technology.

References

  1. Nye J (2010) Cyberpower. Belfer center for science and international affairs, Harvard Kennedy School, May 2010 [Online]. Available at: http://belfercenter.ksg.harvard.edu/files/cyber-power.pdf

  2. Barrett et al (2011) Combating cybercrime. Principles, Policies, and Programs. April 2011, PayPal [Online]. Available at: https://www.paypal-media.com/assets/pdf/fact_sheet/PayPal_CombatingCybercrime_WP_0411_v4.pdf

  3. Finklea K, Theohary C (2013) Cybercrime: conceptual issues for congress and U.S. law enforcement [Online]. Available at: https://www.fas.org/sgp/crs/misc/R42547.pdf

  4. Hathaway O et al (2012) The law of cyber-attack. California Law Rev 100(4), 2012; Yale Law and economics research paper no. 453; Yale Law School, public law working paper no. 258. Available at SSRN: http://ssrn.com/abstract=2134932

  5. Cornish P et al (2010) On cyber warfare. A chatham house report. November 2010 [Online]. Available at: https://www.chathamhouse.org/sites/files/chathamhouse/public/Research/International%20Security/r1110_cyberwarfare.pdf

  6. Bambauer D (2011) Conundrum. Minn Law Rev 96:584. [Online]. Available at SSRN: http://ssrn.com/abstract=1807076

  7. Tiirmaa-Klaar H (2013) Botnets, cybercrime and national security. In: Tiirmaa-Klaar et al. (2013) Botnets. SpringerBriefs in Cybersecurity Vol VIII, 2013


  8. Watney M (2012) The way forward in addressing cybercrime regulation on a global level. J Int Technol Secured Trans (JITST) 1(1/2)


  9. UNODC (2013) Comprehensive study on cybercrime. Draft—February 2013. UNODC Vienna


  10. Brenner S (2007) At light speed: attribution and response to cybercrime/terrorism/warfare. J Crim L Criminol 97:379. [Online]. Available at SSRN: http://ssrn.com/abstract=1008542

  11. Bendiek A (2012) European cyber security policy. SWP research paper, Stiftung Wissenschaft und Politik German Institute for international and security affairs, RP 13 October 2012 Berlin


  12. Bradley T (2012) When is a cybercrime an act of cyberwar? PC World [Online]. Available at: http://www.pcworld.com/article/250308/when_is_a_cybercrime_an_act_of_cyberwar_.html

  13. Maurer T (2011) Cyber norm emergence at the United Nations—An analysis of the activities at the UN regarding Cyber-security. [Online]. Available at: http://belfercenter.ksg.harvard.edu/files/maurer-cyber-norm-dp-2011-11-final.pdf

  14. Jang YJ, Lim BY (2013) Harmonization among national cyber security and cybercrime response organizations: new challenges of cybercrime [Online]. Available at: Cornell University Library http://arxiv.org/abs/1308.2362

  15. Office of the National Counterintelligence Executive (2011) Foreign spies stealing U.S. economic secrets in cyberspace: report to congress on foreign economic collection and industrial espionage, 2009–2011


  16. Klimburg A (ed) (2012) National cyber security framework manual, NATO CCD COE Publication, Tallinn


  17. e Silva K (2013) Europe’s fragmented approach towards cyber security. Int Policy Rev 2(4)


  18. Center for Democracy and Technology (2013) Unpacking “cybersecurity”: threats, responses, and human rights considerations, 26 June 2013 [Online]. Available at: https://cdt.org/insight/unpacking-cybersecurity-threats-responses-and-human-rights-considerations/

  19. OECD (2012) Cybersecurity policy making at a turning point: analysing a new generation of national cybersecurity strategies for the internet economy. OECD Publishing


  20. Brosseau E (2002) Internet regulation: does self-regulation require an institutional framework. In: DRUID summer conference on ”industrial dynamics of the new and old economy—who is embracing whom?” Copenhagen/Elsinore


  21. Lovet G (2009) Fighting cybercrime: technical, juridical and ethical challenges. Virus bulletin conference September 2009. [Online]. Available at: http://www.fortiguard.com/sites/default/files/VB2009FightingCybercrime-Technical,Juridical and Ethical Challenges.pdf

  22. Vogel J (2007) Towards a global convention against cybercrime. World conference on penal law, Guadalajara, Mexico [Online]. Available at: http://www.penal.org/IMG/Guadalajara-Vogel.pdf

  23. Marsden C, Simmons S, Cave J (2006) Options for an effectiveness of internet self- and co-regulation. Phase 1 report: Mapping existing co- and self-regulatory institutions on the internet, RAND Europe [Online]. Available at: http://ec.europa.eu/dgs/information society/evaluation/data/pdf/studies/s2006 05/phase1.pdf

  24. Sahel J (2006) A new policy-making paradigm for the information society. TPRC conference, 2006 [Online]. Available at: http://web.si.umich.edu/tprc/papers/2006/635/NewParadigmInfoSociety.pdf

  25. Sieber U (2008) Mastering complexity in the global cyberspace: the harmonization of computer-related criminal law. In: Collection de L’UMR de Droit Compare de Paris, Bd. 15. Paris, Societe de legislation compare, pp 127–202


  26. Alderson D, Soo Hoo K (2004) The role of economic incentives in securing cyberspace. Center for International Security and Cooperation, Stanford [Online]. Available at: http://cisac.fsi.stanford.edu/publications/role_of_economic_incentives_in_securing_cyberspace_the

  27. Lewis J (2005) Aux armes, citoyens: cyber security and regulation in the United States. 29 Telecomm Policy 11 (2005)


  28. Cornish P (2011) The vulnerabilities of developed states to economic cyber warfare. Working paper [Online]. Available at: http://www.chathamhouse.org/sites/default/files/0611wp_cornish.pdf

  29. COE (2011) Global project on cybercrime, phase 2, summary [Online]. Available at: http://www.coe.int/t/dghl/cooperation/economiccrime/cybercrime/cyoctopusinterface2011/2079%20adm%20pro%20summary%2026%20Sep%202011.pdf

  30. Brown A, Snower D (eds) (2011) global economic solutions 2010/2011. In: Proposals from the global economic symposium. Kiel, Germany; Kiel Institute for the World Economy. [Online]. Available at: http://www.syngentafoundation.org/__temp/Global_Economic_Solutions_2010-11.pdf

  31. OECD (2011) The role of internet intermediaries in advancing public policy objectives. OECD Publishing


  32. Irion K (2013) The governance of network and information security in the European Union: The European public–private partnership for resilience (EP3R) In: Gaycken S, Krueger J, Nickolay B (eds), The secure information society, Springer, Berlin 2013, p 83–116


  33. Cook D (2010) Mitigating cyber-threats through public–private partnerships: low cost governance with high-impact returns. In: Proceedings of the 1st international cyber resilience conference, Edith Cowan University, Perth, Western Australia, 23 August 2010


  34. Dupont B (2013) Cybersecurity futures: how can we regulate emergent risks? Technol Innovation Manage Rev July 2013, [Online]. Available at: www.timreview.ca

  35. Malmström C (2012) Public–private cooperation in the fight against cybercrime. EU cybersecurity and digital crimes forum, Brussels, 31 May 2012. [Online]. Available at: http://europa.eu/rapid/press-release_SPEECH-12-409_en.htm?locale=en

  36. Gercke M, Tropina T, Lozanova Y, Sund C (2011) The role of ICT regulation in addressing offences in cyberspace. In: Trends in telecommunication reform November 2010. Enabling Tomorrow’s Digital World. ITU (2011)


  37. Robinson N et al (2013) Data and security breaches and cyber-security strategies in the EU and its international counterparts. European Parliament, IP/A/ITRE/NT/2013-5 September 2013, PE 507.476


  38. Schmidt A (2014) Open security. Contributions of networked approaches to the challenge of democratic internet security governance. In: Radu R, Chenou J-M, Weber R (eds) The evolution of global internet governance. Springer Berlin (2014)


  39. Czosseck C, Ottis R, Ziolkowski K (eds) (2012) Conceptual framework for cyber defense information sharing within trust relationships. In: 2012 4th international conference on cyber conflict. 2012 NATO CCD COE Publications


  40. The World Bank Group (n.d.) Global ICT department. Cybersecurity: a new model for protecting the network. [Online]. Available at: http://siteresources.worldbank.org/EXTINFORMATIONANDCOMMUNICATIONANDTECHNOLOGIES/Resources/CyberSecurity.pdf

  41. Bruce R et al (2005) TNO report. International policy framework for protecting critical information infrastructure: a discussion paper outlining key policy issues, [Online]. Available at: http://www.ists.dartmouth.edu/library/158.pdf

  42. Tropina T (2014) Fighting money laundering in the age of online banking, virtual currencies and internet gambling. ERA Forum 15(1):69–84


  43. Fafinski S, Dutton W, Margetts H (2010) Mapping and measuring cybercrime. OII forum discussion paper no 18. [Online]. Available at: http://www.law.leeds.ac.uk/assets/files/staff/FD18.pdf

  44. Coyne C, Leeson P (2005) Who’s to protect cyberspace. J Law Econ Poly 1:473


  45. ACMA (2011) Optimal conditions for effective self- and co-regulatory arrangements. Occasional paper. [Online]. Available at: http://www.acma.gov.au/webwr/_assets/main/lib311886/self-_and_co-regulatory_arrangements.pdf

  46. Senden L (2005) Soft law, self-regulation and co-regulation in European law: where do they meet? Electron J Comp Law 9(1)


  47. Bartle, I, Vass P (2007) Self-regulation and the regulatory state: a survey of policy and practice. Publ Adm 85(4):885


  48. Koops B (2010) Cybercrime legislation in the Netherlands. Electron J Comp Law 14.3 (December 2010), [Online]. Available at: http://www.ejcl.org

  49. Cannataci J, Bonnici J (2002) Can self-regulation satisfy the transnational requisite of successful internet regulation? In: 17th BILETA annual conference, Free University, Amsterdam, 5–6 April 2002. [Online]. Available at: www.bileta.ac.uk/02papers/cannataci.htm

  50. Clinton L (n/d) Cross cutting issue #2 how can we create public private partnerships that extend to action plans that work? (undated) Int Secur Alliance. [Online]. Available at: http://www.whitehouse.gov/cyberreview/documents/

  51. Brunst P, Sieber U (2010) Cybercrime legislation in Germany. In: German national reports to the XVIII. International congress of comparative law, Mohr-Siebeck, Tubingen, pp 711–800


  52. Akdeniz Y (2001) Internet content regulation. UK government and the control of internet content, computer law and security report 17(5)


  53. Cisco (2010) Annual security report highlighting global security threats and trends [Online]. Available at: http://www.cisco.com/en/US/prod/collateral/vpndevc/securityannualreport2010.pdf

  54. Choo R (2009) The organised cybercrime threat landscape, international serious and organised crime conference 2010, [Online]. Available at: http://www.aic.gov.au/events/aic%20upcoming%20events/2010/_/media/conferences/2010-isoc/presentations/choo.pdf

  55. Choo R, Smith R, Mccusker R (2007) Future directions in technology-enabled crime: 2007–09. In Res Publ Policy Ser 78:61–80


  56. Seth K (2010) Evolving strategies for the enforcement of cyberlaws. High level consultation meeting for formulation of a national policy and action plan for enforcement of cyberlaw, New Delhi on 31 January 2010. [Online]. Available at: http://www.sethassociates.com/wp-content/uploads/Evolving-Strategies-for-the-Enforcement-of-Cyberlaws.pdf

  57. Gotlieb R (2011) Cybercop fights organized internet crime [Online]. Available at: http://www.miller-mccune.com/legal-affairs/cybercop-fights-organized-internet-crime-27897/

  58. Le Toquin J (n.d.) Public–private partnerships against cybercrime. [Online]. Available at: www.oecd.org/dataoecd/51/24/42534994.pdf

  59. Thomas R (2012) Securing cyberspace though public–private partnership. A comparative analysis of partnership models May 2012 [Online]. Available at: http://csis.org/files/publication/130819_tech_summary.pdf

  60. Devos S (2011) The google-NSA alliance: developing cybersecurity policy at internet speed. Fordham Intellect Prop Media Ent Law J 21(1). Article 5


  61. Rosenzweig P (2011) Cybersecurity and public goods the public/private “partnership” [Online]. Available at: http://media.hoover.org/sites/default/files/documents/EmergingThreats_Rosenzweig.pdf

  62. ENISA (2011) Fighting botnets: the need for global cooperation: building on EU good practices [Online]. Available at: http://www.enisa.europa.eu/activities/res/botnets/policy-statement

  63. ENISA (2011) Cooperative models for effective public private partnerships good practice guide. Publications Office of the European Union, Luxembourg


  64. Den Tekk K (2012) Netherlands bundles knowledge about cyber crime [Online]. Available at: http://www.rnw.nl/english/article/netherlands-bundles-knowledge-about-cyber-crime

  65. NCSC (2012) The national cyber security centre (NCSC) bundles knowledge and expertise, News 02 January 2012 [Online]. Available from World Wide Web: https://www.ncsc.nl/english/current-topics/news/the-national-cyber-security-centre-ncsc-bundles-knowledge-and-expertise.html

  66. Parliament of Australia (2010) Hackers, fraudsters and botnets: tackling the problem of cyber crime the report of the inquiry into cyber crime, Canberra


  67. Assaf D (2008) Models of critical information infrastructure protection. Int J Crit Infrastruct Prot 1:6–14


  68. Dunn-Cavelty M, Suter M (2009) Public–private partnerships are no silver bullet: an expanded governance model for critical infrastructure protection. In Int J Crit Infrastruct Prot 2(4)


  69. Clinton L (2011) A relationship on the rocks: industry-government partnership for cyber defense. J Strateg Secur 4(2):97–112


  70. Center for Democracy and Technology (2011) Improving our nation’s cybersecurity through the public–private partnership. A white paper. March 2011 [Online]. Available at: https://www.cdt.org/files/pdfs/20110308_cbyersec_paper.pdf

  71. Information Technology Industry Council (2013) ITI position paper on the proposed “directive of the European parliament and of the council concerning measures to ensure a high common level of network and information security across the union [Online]. Available at: http://www.itic.org/public-policy/cybersecurity?media=PRINT

  72. Council of the European Union (2014) Note from presidency to delegations. Proposal for a directive of the European parliament and of the council concerning measures to ensure a high common level of network and information security across the union. Preparations for the 1st informal exploratory trialogue. Brussels, 3 October 2014. Interinstitutional File: 2013/0027 (COD), 13848/14 [Online]. Available at: http://www.statewatch.org/news/2014/oct/eu-council-NIS-prep-trilogue-13848-14.pdf

  73. Kuschewsky M (2014) Germany. New cybersecurity law draft proposed by interior ministry. Bloomberg BNA, World data protection report 14(9), September 2014. [Online]. Available at: http://www.cov.com/files/Publication/c0b01d1b-805d-493e-90a7-f44949b7bd99/Presentation/PublicationAttachment/99bd8387-f560-4253-8189-8abbd5c19c63/New_Cybersecurity_Law_Draft_Proposed_by_Interior_Ministry.pdf

  74. Gabel D, Wieczorek M, Bogusch M (2014) Germany’s draft bill on IT security. White and case technology newsflash. August 2014 [Online]. Available at: http://www.whitecase.com/articles/082014/germany-draft-bill-on-it-security/#.VKKJo6BtAMR

  75. Jones Day (2013) The cybersecurity debate: voluntary versus mandatory cooperation between the private sector and the federal government. A review of attempts at cybersecurity legislation and the obama administration’s administrative actions. [Online]. Available at: http://www.jonesday.com/files/Publication/49c491ff-7f05-4932-9287-2c07a131e83d/Presentation/PublicationAttachment/216181fe-3cff-4535-9232-2c603c8bf48b/Cybersecurity%20Debate.pdf

  76. Arthur C (2014) EU network and information security directive: is it possible to legislate for cyber security? Group briefing, October 2014. [Online]. Available at: http://www.arthurcox.com/wp-content/uploads/2014/10/Arthur-Cox-EU-Network-and-Information-Security-Directive-October-2014.pdf

  77. EuroWire (2014) EU cyber security policy in the age of Snowden [Online]. Available at: http://www.bfna.org/sites/default/files/publications/EuroWire%20Jan%202014.pdf

  78. Ahlert C, Marsden C, Yung C (n.d.). How ‘liberty’ disappeared from cyberspace: the mystery shopper tests internet content selfregulation, [Online]. Available at: http://pcmlp.socleg.ox.ac.uk/sites/pcmlp.socleg.ox.ac.uk/files/liberty.pdf

  79. Doelker A (2010) Self-regulation and co-regulation: prospects and boundaries in an online environment [Online]. Available at: http://circle.ubc.ca/handle/2429/27918

  80. Buckland B, Schreier F, Winkler T (2010) DCAF HORIZON 2015 working paper no. 1. [Online]. Available at: http://dspace.africaportal.org/jspui/bitstream/123456789/29509/1/Democratic%20Governance%20Challenges%20of%20Cyber%20Security.pdf?1

  81. Bigo D et al (2013) National programmes for mass surveillance of personal data in EU MS and their compatibility with EU law. Study Eur Parliament 2013


  82. Shore M, Du Y, Zeadally S (2011) A public–private partnership model for national cybersecurity. Policy Int J 3(2):1


  83. Lukasik SJ (2011) Protecting users from the cyber commons. Commun ACM 54(9):54–61


  84. Van Eeten et al (2010) The role of internet service providers in botnet mitigation an empirical analysis based on spam data. [Online]. Available at: http://www.oecd.org/LongAbstract/0,3425,en_2649_33703_46396507_119684_1_1_1,00.html

  85. UNICRI (2010) Handbook to assist the establishment of public–private partnerships to protect vulnerable targets. UNICRI Publisher



Corresponding author

Correspondence to Tatiana Tropina.


Copyright information

© 2015 The Author(s)

About this chapter

Cite this chapter

Tropina, T. (2015). Public–Private Collaboration: Cybercrime, Cybersecurity and National Security. In: Self- and Co-regulation in Cybercrime, Cybersecurity and National Security. SpringerBriefs in Cybersecurity. Springer, Cham. https://doi.org/10.1007/978-3-319-16447-2_1


  • DOI: https://doi.org/10.1007/978-3-319-16447-2_1


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-16446-5

  • Online ISBN: 978-3-319-16447-2

  • eBook Packages: Computer Science (R0)
