G. Mott, Jason R. C. Nurse, Christopher Baker‐Beall
{"title":"Preparing for future cyber crises: lessons from governance of the coronavirus pandemic","authors":"G. Mott, Jason R. C. Nurse, Christopher Baker‐Beall","doi":"10.1080/25741292.2023.2205764","DOIUrl":"https://doi.org/10.1080/25741292.2023.2205764","url":null,"abstract":"Abstract The SARS-CoV-2 pandemic has had an immense impact on public policy and the management of risks that threaten critical systems, such as national health services. Drawing on perspectives from multiple disciplines, this article considers lessons-learned with respect to mitigating the threats to critical systems and societal harms presented by the proliferation of malware. The article dovetails crisis management with cyber resilience, for the purpose of analyzing transferable good-practices and areas-for-improvement, drawing on preparedness and response strategies deployed in public policymaking in the United Kingdom during the pandemic. Reflecting on key national and local ransomware incidents that have impacted key services, the article offers a post-SARS-CoV-2 review of recent British strategic outputs with respect to cyber resilience; most notably the National Cyber Security Strategy and the Government Cyber Security Strategy. The article focuses on lessons that may be learned with respect to communications strategies. The article argues that although the recent British cyber-security strategies hold significant promise in terms of improving preparedness, response and recovery in relation to future cyber crisis, nuanced, dynamic and empathetic multi-stakeholder engagement will be required in order to meaningfully implement the measures outlined in the strategy documents.","PeriodicalId":20397,"journal":{"name":"Policy Design and Practice","volume":"6 1","pages":"160 - 181"},"PeriodicalIF":7.0,"publicationDate":"2023-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41390166","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Governing cyber crises: policy lessons from a comparative analysis","authors":"François Delerue, Monica Kaminska","doi":"10.1080/25741292.2023.2213061","DOIUrl":"https://doi.org/10.1080/25741292.2023.2213061","url":null,"abstract":"In cyberspace, the notion of crisis is multifaceted. The complexity of cyber crises pertains to the diversity of actors, activities, targets, and effects involved, creating governance challenges. For example, information campaigns on the Internet have created a crisis of trust in political discourse and authority in many democratic societies. A recent ransomware attack by a criminal actor brought the entire nation of Costa Rica to a standstill. Incidents such as the state-sponsored SolarWinds and Microsoft Exchange hack have put pressure on the demarcation line between cyber espionage and disruptive cyber operations. Strategic shifts to more proactive and continuous operations as a method of addressing cyber conflict short of war raise questions about key concepts like sovereignty and breed concerns about crisis escalation. State-sponsored malware is increasingly being found in critical infrastructure and electoral systems. The current armed conflict in Ukraine, which has seen an unprecedented involvement of cyber hacktivist groups and private actors, brings to the fore new difficulties of cyber crisis management for both the belligerents and third states. These ongoing developments in the threat landscape continually shift the goal posts on acceptable state behavior in cyberspace. Despite important strides in cyber policy development by some governments, many strategies are still in the early stages of maturity and provide little guidance for the diversity of cyber crises that can unfold. Moreover, there is much variance in national, regional, and multilateral approaches to what is sometimes called a cyber “wild west” in the international realm, yet these divergences remain understudied. Additionally, states do not always abide by their own policies or the ones agreed internationally, both in their practice of offensive cyber operations and in addressing","PeriodicalId":20397,"journal":{"name":"Policy Design and Practice","volume":"6 1","pages":"127 - 130"},"PeriodicalIF":7.0,"publicationDate":"2023-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48013896","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cyber-attacks and the right of self-defense: a case study of the Netherlands","authors":"Ferry Oorsprong, P. Ducheine, P. Pijpers","doi":"10.1080/25741292.2023.2179955","DOIUrl":"https://doi.org/10.1080/25741292.2023.2179955","url":null,"abstract":"Abstract Whilst Article 51 of the UN Charter as a rule indicates that an “armed attack” may trigger a State’s right of self-defense, the actual purport of armed attack remains a matter of interpretation and qualification. To improve the notion of the rule on self-defense and contribute to the jus ad bellum, more clarification as to what constitutes an armed attack in cyberspace is necessary. Therefore, policy norms—regarding when cyber-attacks reach the threshold of an armed attack—could guide State behavior. On the one hand, these policy norms could be used in the political decision-making processes for States that consider initiating cyber-attacks. On the other, they could help victim States in their decision-making processes in response to grave cyber-attacks. The aim of the paper is to propose a tangible guideline that outlines when cyber-attacks—perpetrated solely in or through cyberspace and not in conjunction with conventional military attacks—can qualify as an armed attack. By assessing the positions of States and leading academic opinions regarding the qualification of cyber-attacks as armed attacks, and applying international and interdisciplinary policy documents to transfer the legal debate into tangible options, a policy framework is deduced that can serve as a baseline for international cyber norms. This framework distinguishes three separate categories of armed attack in cyberspace, each with their own distinctive levels to determine when a cyber-attack can qualify as an armed attack. These absolute levels are tailored for the Netherlands but could also be suitable for other States when transferred to percentages of the gross national/domestic product and the population size.","PeriodicalId":20397,"journal":{"name":"Policy Design and Practice","volume":"6 1","pages":"217 - 239"},"PeriodicalIF":7.0,"publicationDate":"2023-02-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43244924","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Great power narratives on the challenges of cyber norm building","authors":"Mischa Hansel","doi":"10.1080/25741292.2023.2175995","DOIUrl":"https://doi.org/10.1080/25741292.2023.2175995","url":null,"abstract":"Abstract States, companies and civil society actors broadly agree that ICT misuse needs to be prevented through effective international policies and regulatory efforts. However, corresponding norm-building processes have been repeatedly characterized by setbacks and controversies regarding interpretations. Whenever such a situation has arisen, state representatives quickly engaged in intense storytelling, accusing their counterparts of seeking to impose “the law of the jungle” or of following hidden policy agendas at the UN. This paper focusses on the stories state representatives use to explain the international community’s recurrent failures, such as arms races, crisis escalations or destructive criminal acts. Using narrative concepts and methods, the analysis explores the dynamics of this emerging transnational public diplomacy, focusing on Russia and the United States in particular. Beyond comparing main structural elements of each narrative, the goal is to elucidate legitimization strategies and dilemmas, resulting in several policy implications. For example, United States representatives and allies need to make specific and concise references to UN cyber norms during public attributions, lest they could play into the hands of a counter-narrative of Western domination and hypocrisy.","PeriodicalId":20397,"journal":{"name":"Policy Design and Practice","volume":"6 1","pages":"182 - 197"},"PeriodicalIF":7.0,"publicationDate":"2023-02-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44341826","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Keep walking on the bright side: criticality, credit and challenge","authors":"M. Flinders","doi":"10.1080/25741292.2023.2169982","DOIUrl":"https://doi.org/10.1080/25741292.2023.2169982","url":null,"abstract":"Abstract In a recent article in this journal Mark van Ostaijen and Shivant Jhagroe (O&J) provided a highly critical analysis of Positive Public Administration (PPA). “[It] will not create a way out” they argued “but only a new way into traditional and intellectual problems that have haunted PA as a discipline” and was nothing more than “a rather romantic, nostalgic, and regressive turn to the past and the inability to actually innovate public administration as a field.” This response article argues that although O&J were correct to highlight the risk of co-option and the importance of criticality they are wrong to assume that PPA is for some reason unable to identify or cope with such pressures. By returning to PPA’s core emphasis on the interplay between levels of policy in the interpretation of policy success a multi-levelled framework is provided. This illustrates that the concurrent identification of “success-within-failure” (or vice versa) is possible and therefore identifying successful policy need not be uncritical. As such, PPA need not necessarily be associated with conservative, instrumental, system-affirming thinking in the way O&J assume. “Making public administration again” demands that its adherents hone the ability to range across different policy levels in ways that allow them to avoid the zero-sum trap that O&J identify (but then themselves fall into).","PeriodicalId":20397,"journal":{"name":"Policy Design and Practice","volume":"6 1","pages":"381 - 388"},"PeriodicalIF":7.0,"publicationDate":"2023-01-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43819160","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Designing governance and policy for disruptive digital technologies","authors":"Fernando Filgueiras, Anjanette Raymond","doi":"10.1080/25741292.2022.2162241","DOIUrl":"https://doi.org/10.1080/25741292.2022.2162241","url":null,"abstract":"Abstract The last decade has witnessed a debate about the disruptive role of emerging digital technologies. At the heart of this debate is the issue of big data, which underpins the operations of these digital technologies but creates a series of new risks and issues for society and governments. New policy problems concerning data require formulators of new governance strategies and innovative policy designs. In this introduction to the special issue Data Policy and Governance, we examine scholarship on data governance and data policy, with a particular focus on emerging contributions on these topics. We also present the six articles that make up this special issue and indicate trends and future research directions from the discussion. This review demonstrates how data governance and policy are central to the digital world and require new designs and dynamics to deal with instruments, mixes, practices, and regulatory mechanisms.","PeriodicalId":20397,"journal":{"name":"Policy Design and Practice","volume":"6 1","pages":"1 - 13"},"PeriodicalIF":7.0,"publicationDate":"2023-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43417541","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
M. Babbar, S. Agrawal, Dilshad Hossain, M. M. Husain
{"title":"Adoption of digital technologies amidst COVID-19 and privacy breach in India and Bangladesh","authors":"M. Babbar, S. Agrawal, Dilshad Hossain, M. M. Husain","doi":"10.1080/25741292.2022.2162255","DOIUrl":"https://doi.org/10.1080/25741292.2022.2162255","url":null,"abstract":"Abstract This article problematizes the institutional void caused by the lack of accountable digital regulation in India and Bangladesh regarding the adoption of public health-related digital technologies during the COVID-19 pandemic. Findings from literature review and preliminary interviews illustrate an emerged pattern in these countries that intersect governmentality and materiality with an absence of oversight. The findings further indicate an absence of privacy laws that leave citizens vulnerable to privacy breach. As surveillance becomes a social norm, authorities appear to turn a blind eye toward human rights while public remain unaware and uninformed. The article recommends that consumer-centric governmentality is needed to ensure the privacy and protection of consumers and citizens in India and Bangladesh.","PeriodicalId":20397,"journal":{"name":"Policy Design and Practice","volume":"6 1","pages":"103 - 125"},"PeriodicalIF":7.0,"publicationDate":"2023-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44897173","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The state’s role in governing artificial intelligence: development, control, and promotion through national strategies","authors":"G. Papyshev, Masaru Yarime","doi":"10.1080/25741292.2022.2162252","DOIUrl":"https://doi.org/10.1080/25741292.2022.2162252","url":null,"abstract":"Abstract Numerous governments worldwide have issued national artificial intelligence (AI) strategies in the last five years to deal with the opportunities and challenges posed by this technology. However, a systematic understanding of the roles and functions that the governments are taking is lacking in the academic literature. Therefore, this research uses qualitative content analysis and Latent Dirichlet Allocation (LDA) topic modeling methodologies to investigate the texts of 31 strategies from across the globe. The findings of the qualitative content analysis highlight thirteen functions of the state, which include human capital, ethics, R&D, regulation, data, private sector support, public sector applications, diffusion and awareness, digital infrastructure, national security, national challenges, international cooperation, and financial support. We combine these functions into three general themes, representing the state’s role: development, control, and promotion. LDA topic modeling results are also reflective of these themes. Each general theme is present in every national strategy’s text, but the proportion they occupy in the text is different. The combined typology based on two methods reveals that the countries from the post-soviet bloc and East Asia prioritize the theme “development,” highlighting the high level of the state’s involvement in AI innovation. The countries from the EU focus on “control,” which reflects the union’s hard stance on AI regulation, whereas countries like the UK, the US, and Ireland emphasize a more hands-off governance arrangement with the leading role of the private sector by prioritizing “promotion.”","PeriodicalId":20397,"journal":{"name":"Policy Design and Practice","volume":"6 1","pages":"79 - 102"},"PeriodicalIF":7.0,"publicationDate":"2023-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47689965","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Policy designs for adaptive governance of disruptive technologies: the case of facial recognition technology (FRT) in China","authors":"Zhizhao Li, Yuqing Guo, Masaru Yarime, Xun Wu","doi":"10.1080/25741292.2022.2162248","DOIUrl":"https://doi.org/10.1080/25741292.2022.2162248","url":null,"abstract":"Abstract Recent regulations introduced by the Chinese government regarding big data technologies are welcome to those long concerned about the risks associated with their rapid deployment. However, these changes are not sufficient to safeguard privacy and data security. More importantly, these policies may not have fully accounted for the disruptive nature of these technologies. In this paper, we examine the need and the potential of new approaches in policy design regarding disruptive technologies by examining the case of facial recognition technology (FRT) in China. We argue that adaptive governance provides a useful framework for future policy design. Regulatory sandbox approach, policy mix and stakeholder engagement are among key policy measures to overcome regulatory challenges.","PeriodicalId":20397,"journal":{"name":"Policy Design and Practice","volume":"6 1","pages":"27 - 40"},"PeriodicalIF":7.0,"publicationDate":"2023-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42487417","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Data Sharing in Disruptive Technologies: Lessons from Adoption of Autonomous Systems in Singapore","authors":"S. Tan, Araz Taeihagh, Devyani Pande","doi":"10.1080/25741292.2022.2162247","DOIUrl":"https://doi.org/10.1080/25741292.2022.2162247","url":null,"abstract":"Abstract Autonomous systems have been a key segment of disruptive technologies for which data are constantly collected, processed, and shared to enable their operations. The internet of things facilitates the storage and transmission of data and data sharing is vital to power their development. However, privacy, cybersecurity, and trust issues have ramifications that form distinct and unforeseen barriers to sharing data. This paper identifies six types of barriers to data sharing (technical, motivational, economic, political, legal, and ethical), examines strategies to overcome these barriers in different autonomous systems, and proposes recommendations to address them. We traced the steps the Singapore government has taken through regulations and frameworks for autonomous systems to overcome barriers to data sharing. The results suggest specific strategies for autonomous systems as well as generic strategies that apply to a broader set of disruptive technologies. To address technical barriers, data sharing within regulatory sandboxes should be promoted. Promoting public-private collaborations will help in overcoming motivational barriers. Resources and analytical capacity must be ramped up to overcome economic barriers. Advancing comprehensive data sharing guidelines and discretionary privacy laws will help overcome political and legal barriers. Further, enforcement of ethical analysis is necessary for overcoming ethical barriers in data sharing. Insights gained from this study will have implications for other jurisdictions keen to maximize data sharing to increase the potential of disruptive technologies such as autonomous systems in solving urban problems.","PeriodicalId":20397,"journal":{"name":"Policy Design and Practice","volume":"6 1","pages":"57 - 78"},"PeriodicalIF":7.0,"publicationDate":"2023-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"46326817","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}