Public-private collaboration in the form of different co- and self-regulatory frameworks in recent years has become an important part of fighting cybercrime and maintaining cybersecurity. However, the regulatory frameworks and approaches in this field are still in their infancy. The project aimed to support the collaboration between the public and private sectors by developing proposals for the improvement of collaboration frameworks and by fostering capacity-building activities.
Projektstatus: abgeschlossen Forschungsschwerpunkte: Funktionale Grenzen des Strafrechts und neue Formen der Sozialkontrolle Abteilung: Strafrecht (Prof. Sieber) Projektdauer: Projekt Startdatum: 2013
Projekt Enddatum: 2018
The ecosystem of fighting cybercrime and maintaining cybersecurity nowadays consists of interdependent international and national actors linked to national information infrastructure networks and services, including financial and banking systems, energy supply and communication networks. The overall development of the ICT networks has been dominated and controlled by private industry with little or no regulation involved. As a result, private rather than public actors fund, manage and run Internet and communication networks, including critical information infrastructure. This situation calls for new cooperative models of regulation and enforcement between governments and private industry.
The common notion, which dominated in the past decade, is that cybersecurity and critical information infrastructure protection require public-private collaboration, hands-off regulation and recognition of the significant role that industry plays in securing the information networks. The increasing dependency on critical information infrastructures, however, have led to a shift in policy making in the past few years and to calls for hierarchical top-down command-and-control solutions. Recent discussions and legislative developments, especially at the level of the EU and its member states, raise many concerns about shifting the balance in cybersecurity from collaboration to heavier regulation. With all the substantial efforts that have already been taken to build solutions for co- and self-regulation in fighting cybercrime and addressing cybersecurity threats, the shift from supporting voluntary approaches to state coercion might neglect the trust and capacity that have already been built. The differences between national approaches to collaboration and different levels of trust between industry and governments at the national level create further tensions and fragmentation of the regulatory approaches to public-private collaboration in fighting cybercrime and in cybersecurity.
The aim of the project was to provide input towards solving the problem of finding approaches to public-private cooperation in this field by, first, academic research and, second, capacity-building efforts. The project included the study of approaches to self- and co-regulation in fighting cybercrime and providing cybersecurity – from ad hoc and accidental collaboration to more structured approaches. Furthermore, it compared co- and self-regulatory models existing in different jurisdictions, especially in the European Union. Lastly, the project examined the issue of achieving the balance between hands-off regulation and statutory intervention, and it analyzed the problems and drawbacks of different forms of regulation. Another goal of the project was to contribute to capacity building and dialogue among industry, governments and civil society in building confidence and trust, improving the channels for collaboration and developing clear frameworks for self- and co-regulation in matters of cybercrime and cybersecurity.
The project resulted in the publication of a book in co-authorship with an industry representative (Tropina, Tatiana & Callanan, Cormac, (2015) Self- and Co-regulation in Cybercrime, Cybersecurity and National Security). Furthermore, some of the results of the project were reflected on in other publications on specific issues related to cybercrime and security, e.g. a background paper on digital technologies and illicit financial flows for the World Bank’s Word Development Report 2016, etc. The results and findings of the project were applied to different capacity-building efforts, such as training representatives from law enforcement, industry and civil society at different capacity building events, organized and supported by the European Judicial Training Network, Academy of European Law, the Dutch government, and other stakeholders.