MIT white logo

Global CyberPolitics

Cybersecurity Institutions

Institutions for cybersecurity are positioned at the intersection of the long tradition of international institutions on the one hand, and the new domain of cyberpolitics, on the other. This research thrust seeks to develop an initial baseline for representing and tracking institutional responses to a rapidly changing threats to security of the cyber domain.

The overall challenge is to (a) highlight institutional theory and create an empirical “census” of institutions-in-place for cyber security, (b) assess the salience of new institutional mechanisms designed in response to cyber threats, (c) examine major institutional responses to cyber threats and cybercrime, and (d) focus on key linkages between information technology and the various cyber processes that enhance development and sustainability.

Recognizing that the institutional landscape managing security issues in the cyber domain has expanded considerably, here focus on two related issues:

  • Cybersecurity institutional ecosystem
  • Institutional anchors for cybersecurity

The initial phase of research resulted in a first full mapping of institutions and data sharing initiatives. The second phase extended the earlier work, including private-public collaboration. At the same time, however, the ecosystem for cyber security institutions remains “under construction” as they expand in scale and scope.

Cybersecurity Institutional Ecosystem:

While a large number of institutions are identified and reviewed, there is no claim to provide an exhaustive “census.” Generally, three criteria shape the selection of institutions: (a) formal mission statement addressing cyberspace and cybersecurity, (b) provision of public qualitative or quantitative data in international, intergovernmental, national, non-profit, and private sectors and (c) coordination responsibility based on formal mandates issued by recognized international or national bodies.

The Figures signal forms of cooperation: Figure 2.4 depicts global coordination, followed by institutional coordination for the United States, Figure 2.5.

Connectons among CERTs: Asia, Europe and United States.

CONNECTIONS AMONG CERTS: ASIA, EUROPE AND UNITED STATES.
Source: Ferwerda, Choucri, adn Madnick (2011). Institutional Foundations for Cyber Security: Current Reponses and New Challenges CISL Working Paper No. 2009-03. Composite Information Systems Laboratory, Sloan School of Management, MIT, Cambridge, MA, September.

POINTS OF CONTROL AS USED BY THE GOVERNMENT OF CHINA.
Source: Choucri, N., & Clark, D. D. (2019). International relations in the cyber age: The co-evolution dilemma. MIT Press.
Note: Distinction between primary actor (e.g., the ISP) and the state is not illustrated.

Institutional Anchors for Cybersecurity:

Such features notwithstanding, based on the evidence to date, we suggest that considerable strides have been made to establish foundations for greater information sharing in the realm of cyber security. Some notable pointers include the following: [9]

  • The establishment of not-for-profit institutions designed to focus on cyber threats (CERT/CC, FIRST, private CERTs, and ISACs),” is a growing trend on the international landscape.
  • The functional international organizations with core missions and competencies (notably the ITU) have adopted security as part of their missions.
  • Despite these seemingly complex and uncoordinated responses at the national level, specific agencies are more and more tasked with responding to cybercrime (notably the FBI in the US).
  • The development of binding international legislation (i.e. the Convention on Cybercrime) elevates the sense of vulnerability as well as the need to coordinate responses to a higher level of awareness than ever before.

These are few examples from a longer set of pointers, but they highlight some potential moves toward greater global collaboration.

References: