Governing cyber crises: policy lessons from a comparative analysis

IF 3.1 Q1 PUBLIC ADMINISTRATION

Policy Design and Practice Pub Date : 2023-04-03 DOI:10.1080/25741292.2023.2213061

François Delerue, Monica Kaminska

{"title":"Governing cyber crises: policy lessons from a comparative analysis","authors":"François Delerue, Monica Kaminska","doi":"10.1080/25741292.2023.2213061","DOIUrl":null,"url":null,"abstract":"In cyberspace, the notion of crisis is multifaceted. The complexity of cyber crises pertains to the diversity of actors, activities, targets, and effects involved, creating governance challenges. For example, information campaigns on the Internet have created a crisis of trust in political discourse and authority in many democratic societies. A recent ransomware attack by a criminal actor brought the entire nation of Costa Rica to a standstill. Incidents such as the state-sponsored SolarWinds and Microsoft Exchange hack have put pressure on the demarcation line between cyber espionage and disruptive cyber operations. Strategic shifts to more proactive and continuous operations as a method of addressing cyber conflict short of war raise questions about key concepts like sovereignty and breed concerns about crisis escalation. State-sponsored malware is increasingly being found in critical infrastructure and electoral systems. The current armed conflict in Ukraine, which has seen an unprecedented involvement of cyber hacktivist groups and private actors, brings to the fore new difficulties of cyber crisis management for both the belligerents and third states. These ongoing developments in the threat landscape continually shift the goal posts on acceptable state behavior in cyberspace. Despite important strides in cyber policy development by some governments, many strategies are still in the early stages of maturity and provide little guidance for the diversity of cyber crises that can unfold. Moreover, there is much variance in national, regional, and multilateral approaches to what is sometimes called a cyber “wild west” in the international realm, yet these divergences remain understudied. Additionally, states do not always abide by their own policies or the ones agreed internationally, both in their practice of offensive cyber operations and in addressing","PeriodicalId":20397,"journal":{"name":"Policy Design and Practice","volume":null,"pages":null},"PeriodicalIF":3.1000,"publicationDate":"2023-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Policy Design and Practice","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/25741292.2023.2213061","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"PUBLIC ADMINISTRATION","Score":null,"Total":0}

引用次数: 0

Abstract

In cyberspace, the notion of crisis is multifaceted. The complexity of cyber crises pertains to the diversity of actors, activities, targets, and effects involved, creating governance challenges. For example, information campaigns on the Internet have created a crisis of trust in political discourse and authority in many democratic societies. A recent ransomware attack by a criminal actor brought the entire nation of Costa Rica to a standstill. Incidents such as the state-sponsored SolarWinds and Microsoft Exchange hack have put pressure on the demarcation line between cyber espionage and disruptive cyber operations. Strategic shifts to more proactive and continuous operations as a method of addressing cyber conflict short of war raise questions about key concepts like sovereignty and breed concerns about crisis escalation. State-sponsored malware is increasingly being found in critical infrastructure and electoral systems. The current armed conflict in Ukraine, which has seen an unprecedented involvement of cyber hacktivist groups and private actors, brings to the fore new difficulties of cyber crisis management for both the belligerents and third states. These ongoing developments in the threat landscape continually shift the goal posts on acceptable state behavior in cyberspace. Despite important strides in cyber policy development by some governments, many strategies are still in the early stages of maturity and provide little guidance for the diversity of cyber crises that can unfold. Moreover, there is much variance in national, regional, and multilateral approaches to what is sometimes called a cyber “wild west” in the international realm, yet these divergences remain understudied. Additionally, states do not always abide by their own policies or the ones agreed internationally, both in their practice of offensive cyber operations and in addressing

查看原文本刊更多论文

治理网络危机：比较分析的政策教训

在网络空间中，危机的概念是多方面的。网络危机的复杂性与行动者、活动、目标和影响的多样性有关，这给治理带来了挑战。例如，互联网上的信息运动在许多民主社会造成了对政治话语和权威的信任危机。最近一名犯罪分子的勒索软件攻击使整个哥斯达黎加陷入瘫痪。政府支持的太阳风(SolarWinds)和微软交易所(Microsoft Exchange)遭黑客攻击等事件，给网络间谍活动与破坏性网络行动之间的界限带来了压力。作为解决网络冲突的一种方法，战略转向更主动、更持续的行动，引发了对主权等关键概念的质疑，并引发了对危机升级的担忧。国家支持的恶意软件越来越多地出现在关键的基础设施和选举系统中。乌克兰当前的武装冲突前所未有地卷入了网络黑客组织和私人行为体，这给交战双方和第三国都带来了网络危机管理的新困难。这些威胁形势的持续发展不断改变着网络空间中可接受的国家行为的门柱。尽管一些政府在网络政策制定方面取得了重大进展，但许多战略仍处于成熟的早期阶段，对可能出现的网络危机的多样性没有提供多少指导。此外，在国际领域中，国家、地区和多边方法在应对网络“蛮荒西部”方面存在很大差异，但这些差异仍未得到充分研究。此外，各国并不总是遵守自己的政策或国际商定的政策，无论是在进攻性网络行动的实践中还是在解决问题方面

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Policy Design and Practice PUBLIC ADMINISTRATION-

CiteScore

10.30

自引率

4.30%

发文量

审稿时长

13 weeks

期刊介绍：