Governing cyber crises: policy lessons from a comparative analysis

IF 3.1 Q1 PUBLIC ADMINISTRATION
François Delerue, Monica Kaminska
{"title":"Governing cyber crises: policy lessons from a comparative analysis","authors":"François Delerue, Monica Kaminska","doi":"10.1080/25741292.2023.2213061","DOIUrl":null,"url":null,"abstract":"In cyberspace, the notion of crisis is multifaceted. The complexity of cyber crises pertains to the diversity of actors, activities, targets, and effects involved, creating governance challenges. For example, information campaigns on the Internet have created a crisis of trust in political discourse and authority in many democratic societies. A recent ransomware attack by a criminal actor brought the entire nation of Costa Rica to a standstill. Incidents such as the state-sponsored SolarWinds and Microsoft Exchange hack have put pressure on the demarcation line between cyber espionage and disruptive cyber operations. Strategic shifts to more proactive and continuous operations as a method of addressing cyber conflict short of war raise questions about key concepts like sovereignty and breed concerns about crisis escalation. State-sponsored malware is increasingly being found in critical infrastructure and electoral systems. The current armed conflict in Ukraine, which has seen an unprecedented involvement of cyber hacktivist groups and private actors, brings to the fore new difficulties of cyber crisis management for both the belligerents and third states. These ongoing developments in the threat landscape continually shift the goal posts on acceptable state behavior in cyberspace. Despite important strides in cyber policy development by some governments, many strategies are still in the early stages of maturity and provide little guidance for the diversity of cyber crises that can unfold. Moreover, there is much variance in national, regional, and multilateral approaches to what is sometimes called a cyber “wild west” in the international realm, yet these divergences remain understudied. Additionally, states do not always abide by their own policies or the ones agreed internationally, both in their practice of offensive cyber operations and in addressing","PeriodicalId":20397,"journal":{"name":"Policy Design and Practice","volume":"6 1","pages":"127 - 130"},"PeriodicalIF":3.1000,"publicationDate":"2023-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Policy Design and Practice","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/25741292.2023.2213061","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"PUBLIC ADMINISTRATION","Score":null,"Total":0}
引用次数: 0

Abstract

In cyberspace, the notion of crisis is multifaceted. The complexity of cyber crises pertains to the diversity of actors, activities, targets, and effects involved, creating governance challenges. For example, information campaigns on the Internet have created a crisis of trust in political discourse and authority in many democratic societies. A recent ransomware attack by a criminal actor brought the entire nation of Costa Rica to a standstill. Incidents such as the state-sponsored SolarWinds and Microsoft Exchange hack have put pressure on the demarcation line between cyber espionage and disruptive cyber operations. Strategic shifts to more proactive and continuous operations as a method of addressing cyber conflict short of war raise questions about key concepts like sovereignty and breed concerns about crisis escalation. State-sponsored malware is increasingly being found in critical infrastructure and electoral systems. The current armed conflict in Ukraine, which has seen an unprecedented involvement of cyber hacktivist groups and private actors, brings to the fore new difficulties of cyber crisis management for both the belligerents and third states. These ongoing developments in the threat landscape continually shift the goal posts on acceptable state behavior in cyberspace. Despite important strides in cyber policy development by some governments, many strategies are still in the early stages of maturity and provide little guidance for the diversity of cyber crises that can unfold. Moreover, there is much variance in national, regional, and multilateral approaches to what is sometimes called a cyber “wild west” in the international realm, yet these divergences remain understudied. Additionally, states do not always abide by their own policies or the ones agreed internationally, both in their practice of offensive cyber operations and in addressing
治理网络危机:比较分析的政策教训
在网络空间中,危机的概念是多方面的。网络危机的复杂性与行动者、活动、目标和影响的多样性有关,这给治理带来了挑战。例如,互联网上的信息运动在许多民主社会造成了对政治话语和权威的信任危机。最近一名犯罪分子的勒索软件攻击使整个哥斯达黎加陷入瘫痪。政府支持的太阳风(SolarWinds)和微软交易所(Microsoft Exchange)遭黑客攻击等事件,给网络间谍活动与破坏性网络行动之间的界限带来了压力。作为解决网络冲突的一种方法,战略转向更主动、更持续的行动,引发了对主权等关键概念的质疑,并引发了对危机升级的担忧。国家支持的恶意软件越来越多地出现在关键的基础设施和选举系统中。乌克兰当前的武装冲突前所未有地卷入了网络黑客组织和私人行为体,这给交战双方和第三国都带来了网络危机管理的新困难。这些威胁形势的持续发展不断改变着网络空间中可接受的国家行为的门柱。尽管一些政府在网络政策制定方面取得了重大进展,但许多战略仍处于成熟的早期阶段,对可能出现的网络危机的多样性没有提供多少指导。此外,在国际领域中,国家、地区和多边方法在应对网络“蛮荒西部”方面存在很大差异,但这些差异仍未得到充分研究。此外,各国并不总是遵守自己的政策或国际商定的政策,无论是在进攻性网络行动的实践中还是在解决问题方面
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Policy Design and Practice
Policy Design and Practice PUBLIC ADMINISTRATION-
CiteScore
10.30
自引率
4.30%
发文量
19
审稿时长
13 weeks
期刊介绍:
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信