Despite its centrality in the national cyber security strategies of the US and the UK, the public–private partnership is a nebulous arrangement, which is especially problematic in the context of critical infrastructure protection. Privately owned and operated critical infrastructure that is regarded as a potential national security vulnerability raises questions about the allocation of responsibility and accountability in terms of cyber security. As with many aspects of cyber security, this issue is often discussed with little reference to previous scholarship that could provide conceptual scaffolding. This article draws on the extensive literature on public–private partnerships in order to assess the tensions and challenges of this arrangement in national cyber‐security strategies. It finds that there is a serious disjuncture in expectations from both ‘partners’. The government regards privately owned and operated critical infrastructure as a key element of national security but is reluctant to claim a mandate to oversee network security. At the same time, the private sector is not inclined to accept responsibility or liability for national cyber security. This challenge for governments to manage national cyber security raises questions about how well equipped these states are to promote their own security in the information age. Acknowledging the flaws in the ‘partnership’ is an essential step towards addressing them.
The multi-stakeholder model of global Internet governance has emerged as the dominant approach to navigating the complex set of interests, agendas and implications of our increasing dependence on this technology. Protecting this model of global governance in this context has been referred to by the US and EU as ?essential? to the future of the Internet. Bringing together actors from the private sector, the public sector and also civil society, multi-stakeholder Internet governance is not only regarded by many as the best way to organise around this particular issue, it is also held up as a potential template for the management of other ?post-state? issues. However, as a consequence of its normative aspirations to representation and power sharing, the multi-stakeholder approach to global Internet governance has received little critical attention. This paper examines the issues of legitimacy and accountability with regard to the ?rule-makers? and ?rule-takers? in this model and finds that it can also function as a mechanism for the reinforcement of existing power dynamics.Peer reviewe
Rapid technological innovations, including the emergence of the Internet of Things (IoT), introduce a range of uncertainties, opportunities, and risks. While it is not possible to accurately foresee IoT's myriad ramifications, futures and foresight methodologies allow for the exploration of plausible futures and their desirability. Drawing on the futures and foresight literature, the current paper employs a standardised expert elicitation approach to study emerging risk patterns in descriptions of IoT risk scenarios. We surveyed 19 IoT experts between January and February 2018 using an online questionnaire. The submitted scenarios provided expert's perception of evolving IoT risk trajectories and were evaluated using thematic analysis, a method used to identify and report patterns within data. Four common themes were extracted: physical safety; crime and exploitation; loss of control; and social norms and structures. These themes provide suitable analytical tools to contextualise emerging risks and help detecting gaps about security and privacy challenges in the IoT.
The standards landscape for IoT security is currently developing in a fragmented manner. This paper provides a review of the main IoT security standards and guidelines that have been developed by formal standardisation organisations and transnational industry associations and interest alliances to date. The review makes three main contributions to the study of current IoT standards-development processes. First, governments and regulatory agencies in the EU and the US are increasingly considering the promotion of baseline IoT security requirements, achieved through public procurement obligations and cybersecurity certification schemes. Second, the analysis reveals that the IoT security standards landscape is dominated by de facto standards initiated by a diverse range of industry associations across the IoT ecosystem. Third, the paper identifies a number of key challenges for IoT security standardisation, most notably: a) the difficulty of setting a baseline for IoT security across all IoT applications and domains; and b) the difficulty of monitoring the adoption, implementation and effectiveness of IoT security standards and best practices. The paper consequently contributes to a better understanding of the evolution of IoT security standards and proposes a more coherent standards development and deployment approach.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.