Premium
An Improvised Patchwork: Success and Failure in Cybersecurity Policy for Critical Infrastructure
Author(s) -
Atkins Sean,
Lawson Chappell
Publication year - 2021
Publication title -
public administration review
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 2.721
H-Index - 139
eISSN - 1540-6210
pISSN - 0033-3352
DOI - 10.1111/puar.13322
Subject(s) - critical infrastructure , vulnerability (computing) , business , competition (biology) , private sector , public relations , computer security , finance , industrial organization , economics , political science , economic growth , computer science , ecology , biology
The last two decades have revealed the vulnerability of privately owned “critical infrastructure”—the power grid , pipelines , financial networks , and other vital systems—to cyberattack. The central U.S. response to this challenge has been a series of sectoral “partnerships” with private owner‐operators of critical infrastructure , involving varying degrees of regulation. Qualitative analysis based on in‐depth interviews with over 40 policymakers and senior private sector managers , as well as public documents , reveals considerable variation in how well this approach has worked in practice. The main predictors of policy success appear to be (a) the nature of the cyber threat to firms’ operations and (b) regulatory pressure on firms. However , other factors—such as the nature of intra‐industry competition—also affect how well the current regime works in specific sectors. Our findings have implications for public administration on civilian cybersecurity , as well as ramifications for regulation in other policy domains.