How the balance of power is changing on cybersecurity

The Twitter hack, compromising the accounts of some of the most prominent people on the website, was a reminder of the growing salience of cybersecurity.

Everyday, the news carries word of such data security breaches, debates over use of facial recognition technology, and the growth in cyber conflict.


The standard reading is that incidents like these require ever ‘more’ technology, in volume, capacity, sophistication, and ubiquity.


We contend that these incidents chronicle a foundational shift in the relationships between firms, individuals, data and regulatory capacity, often across borders – and hence require a rethink of how state actors and firms engage emerging technologies.

As the prominence and centrality of large technology firms in economic activities and in civic and political life grow, their relevance to core areas of state affairs of sovereignty and security also increases. Governments, in short, are no longer the only – or in some respects even the principal – players in the provision of national security.




首先,国家行为者不再是其他州交付国家安全的主要关注点。其他参与者,重要的大型科技公司和一些全球咨询公司的真实或潜在进攻能力意味着,国家安全计划现在必须考虑不仅来自其他国家,而且还来自私营部门的威胁。州经常必须与除最先进的州行为者外的所有能力和资源更大的能力和资源来管理网络挑战的公司。由于这些事态发展,“国家安全”本身是一个动议的术语,在政策和实践中产生了新的议程 - 在公司领域,促使“企业外交”作为大公司的重要新能力。

Second, governments can no longer take for granted their ability to protect national and economic security against all relevant threats. From infrastructure protection to encryption to data collection and analysis, the work of private companies provides the primary and sometimes superior line of defence against cyber threats. This in turn raises still further challenges in how and in what ways tech firms collaborate with government actors. Never before in modern history has national security provision relied so much on the private sector capacity and deep tech expertise as in the current era.

州对sovereignt作出了回应y gap by pushing back against the private sector’s growing relevance. The case of information threats travelling via social media, for example, is instructive here. Social media companies such as Facebook and Twitter are the first line and primary players in attempts to fend off外国虚假信息运动that seek to sow division and discord within democracies or that seek to undermine public confidence in the legitimacy of electoral outcomes. Their public records on this work do not inspire. And over time these ‘platform’ companies remain under-regulated by virtue of debates in the division of regulatory labor: Is Facebook a media company or a private information platform? The answers to that question are plural, and they implicate different regulatory agencies and policy models. There are differences of degree between the US responses and those of the European Union; both are still preliminary.


Another concern involves the controversial use of facial analysis technology in policing. Amazon recently announced that it will暂停该技术的使用在美国,由于对种族和算法中的其他偏见的关注。没有明确的监管框架来管理这一技术应用,事实上,这是通过内部工人的抵制和对政府合同的挑战来实现的,流行媒体动员以及其他此类“非正式”(和不均匀)的响应来源。具有讽刺意味的是,法规的设计要求将其技术受到监管的公司参与(美国国会代表目前正在咨询亚马逊;欧盟政策制定者正在与公司对话。


These examples highlight both the timeliness and analytic value of tools from international relations and regime theories to understand and solve these challenges. This approach points to how regimes structure both attention to these challenges and the available policy solutions. Standard IR regime theory on build an analysis by focus on relevant actors, principles and rules, and decision criteria. We find that much of the regulatory capacity, tools, and rules in the cyberspace are drawn by analogy from other incumbent technologies and industries. This is consistent with findings of the histories of technology and innovation.

The core point is that emerging cyber technologies have altered the balance of capacity and influence between state actors and corporations in core areas of national and international life. Although information about government capacity and practices in this space is often classified, much data exists in the public domain with which to evaluate international norms construction, social media information campaigns, and technology assisted policing.


这项研究智慧的好处与政策和实践有关:充分欣赏一个“案件”或事件以外的网络安全和技术治理的挑战,需要协调,纪律严明的询问。任何单一学科的优点都是专门的重点 - 无论是计算机科学还是管理研究还是政治科学。此外,任何单一观点都可以最终解决技术问题的想法是假定工程师和计算机科学家,私人公司或政府的管辖权至关重要。这里必要的知识项目是融合这些观点。因此,我们努力构建一项研究计划,该计划从“学科国会”开始,该计划将国际关系理论和全球事务与技术理解和管理研究联系起来。

The issue for practice is to experiment with the idea of corporate diplomacy and to explore new ways for tech firms and governments to work together – and also to specify correctly the differences and conflicts. We need urgently an era of experimentation to develop new kinds of capacity and new kinds of collaboration – and a generation of leaders in both venues with experience in this work.


Most popular