Encyclopedia of Security and Emergency Management

Living Edition
| Editors: Lauren R. Shapiro, Marie-Helen Maras

Cybersecurity: Policy

  • Alex ChungEmail author
  • Sneha Dawda
  • Atif Hussain
  • Siraj Ahmed Shaikh
  • Madeline Carr
Living reference work entry
First Online:
DOI: https://doi.org/10.1007/978-3-319-69891-5_20-1
How to cite

Definition

Cybersecurity policy refers to a course of action adopted by a state, an organization, or a set of actors with the aim of ensuring cybersecurity and/or digital competitiveness as well as defining the individual and collective responsibilities in pursuit of that goal.

Introduction: What Is Cybersecurity Policy and Why Does It Matter?

Cybersecurity policy refers to a course of action adopted by a state, an organization, or a set of actors with the aim of ensuring cybersecurity and/or digital competitiveness as well as defining the individual and collective responsibilities in pursuit of that goal. Broadly conceived, this area of public policy concerns complex, multifaceted, and dynamic security and business innovation related to information and communications technology (ICT). Cybersecurity policymaking includes legal, regulatory, technical, organizational, behavioral, international, and other capacity-building areas. Policy dimensions attached to these include information...

Keywords

Adaptive policymaking (APM) Agile governance Attribution Budapest Convention Critical infrastructure Cyber Cyberattack Cybercrime Cybersecurity European Union (EU) Evidence-based policymaking Geopolitics Incident response International relations Mutual legal assistance treaty (MLAT) UK National Cyber Security Centre (NCSC) National cyber security strategy (NCSS) US National Cyber Strategy (NCS) US National Security Strategy (NSS) Polycentric governance Public policy Public-private partnership Socio-technical Tallinn Manual United Kingdom (UK) United Nations (UN) United States (USA) Wicked problem 
This is a preview of subscription content, log in to check access.

References

  1. Ansley, R. (2017, February 15). Tallinn manual 2.0: Defending Cyberspace. Atlantic Council Blog.Google Scholar
  2. Bartholomew, B., & Gurrero-Saade, J. A. (2016). Wave your false flags! Deception tactics muddying attribution in targeted attacks. In Virus bulletin conference, October.Google Scholar
  3. BIICL. (2014, October 9). State responsibility for Cyber operations: International law issues: Event report. British Institute of International and Comparative Law.Google Scholar
  4. Carr, M. (2016a). Public-private partnerships in national cyber security strategies. International Affairs, 92(1), 43–62.CrossRefGoogle Scholar
  5. Carr, M. (2016b). Crossed wires: International cooperation on Cyber security. Journal of International Affairs, 2015/2016(2), 1–2.Google Scholar
  6. Clemente, D. (2013). Adaptive internet governance: Persuading the Swing States. Internet Governance Papers, No. 5, October.Google Scholar
  7. Haasnoot, M., Kwakkel, J. H., Walker, W. E., & ter Maat, J. (2013). Dynamic adaptive policy pathways: A method for crafting robust decisions for a deeply uncertain world. Global Environmental Change, 23(2), 485–498.CrossRefGoogle Scholar
  8. Hussain, A., Shaikh, S. A., Chung, A., Dawda, S., & Carr, M. (2018). An evidence quality assessment model for cybersecurity policymaking. In Technical proceedings: International Federation for Information Processing (IFIP) Conference, 13 March, Arlington.Google Scholar
  9. Mussington, D. (2018). Governing Cyber Security in Canada, Australia and the United States. In C. Leuprect & S. MacLellan (Eds.), Centre for International Governance Innovation: Special Report, April.Google Scholar
  10. Osborne, G. (2015). Chancellor’s speech to GCHQ on Cyber Security. UK HM Treasury online.Google Scholar
  11. Ostrom, V., Tiebour, C. M., & Warren, R. (1961). The organization of government in metropolitan areas: A theoretical inquiry. American Political Science Review, 55(4), 831–842.CrossRefGoogle Scholar
  12. Parcell, J., & Holden, S. H. (2013). Agile policy development for digital government: An exploratory case study. In Conference: Proceedings of the 14th annual international conference on digital government research.Google Scholar
  13. Rid, T., & Buchanan, T. (2015). Attributing cyber attacks. Journal of Strategic Studies, 38(1/2), 4–37.CrossRefGoogle Scholar
  14. Tanczer, L., Brass, I., Elsden, M., Carr, M., & Blackstock, J. (2018). The United Kingdom’s emerging internet of things (IoT) policy landscape. In R. Ellis & V. Mohan (Ed.), Rewired: Cybersecurity governance. Hoboken: Wiley.Google Scholar
  15. techUK. (2015). UK’s digital economy is world leading in terms of proportion of GDP. 1 May.Google Scholar

Further Reading

  1. Her Majesty’s Government. (2016). National Cyber security strategy 2016–2021 (cited as NCSS).Google Scholar
  2. NCS. (2018). National Cyber strategy of the United States of America ‘National Cyber Strategy of the United States of America.’ The White House, Washington, DC, September.Google Scholar
  3. NSS. (2017). National Security strategy of the United States of America. The White House, Washington, DC, December.Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Alex Chung
    • 1
    Email author
  • Sneha Dawda
    • 1
  • Atif Hussain
    • 2
  • Siraj Ahmed Shaikh
    • 2
  • Madeline Carr
    • 1
  1. 1.Department of Science, Technology, Engineering and Public Policy (UCL STEaPP)University College LondonLondonUK
  2. 2.Systems Security GroupInstitute for Future Transport and Cities (FTC), Coventry UniversityCoventryUK