Comparative Industrial Policy in the Cybersecurity Industry: Policies, Drivers, and International Implications

Cyber attacks of varying severity, ranging from email hacking to Distributed Denial of Service attacks (DDoS) to advanced persistent threats (APT) to industries are commonplace. Yet at the same time, with the economy being increasingly data-based, these attacks pose a significant security and economic problem. The issue of how to cope with such intrusions raises critical questions about the role that governments should play in regulating the data economy. While few would doubt the importance of maintaining secure data, whether the government should go beyond sharing best practices for data security and implement more aggressive industrial polices to secure data is debatable. 

 

Tracing how businesses, governments, and other actors interact is crucial for understanding how to develop sound cybersecurity policy. Firms’ efforts to secure government protection of a sector by pointing to national security is hardly new. In reality, however, claims about a given sector being critical to national security have often been abused. In the 1950s, the wool industry argued for the protection of domestic production, claiming that “there is a need for 150 million to 200 million woolen blankets to ensure survival in case of an atomic war.” Yet cybersecurity is clearly seen in a very different light by governments and genuine security concerns exist given the pervasiveness of vulnerable data in all sectors of the economy

 

This project will evaluate the role of firms, governments, and other key stakeholders in the rise of industrial policy in important states in the cybersecurity industry. In particular, we focus on the U.S., Japan, China, Taiwan, the EU and key European states. Our goals are as follows: 1) to inventory existing measures employed by these countries; 2) to understand the driving forces of cybersecurity industrial policy on a comparative basis in these countries; and 3) to examine the likely conflicts that will arise from the competitive pursuit of such industrial policies and how they might possibly be resolved through institutional cooperation both domestically and internationally.

 

Speakers include:

Vinod Aggarwal, UC Berkeley

Andrew Reddie, UC Berkeley

Ben Bartlett, UC Berkeley

Nick Kuipers, UC Berkeley

Dan Spokojny, UC Berkeley

Paul Timmers, European Union Commission

Madeline Carr, Cardiff University

Tai Min Cheung, UC San Diego

Mika Kerttunen, Cyber Policy Institute

Eneken Tikk-Ringas, International Institute of Strategic Studies

Hsini Huang, National Taiwan University

Tien-Shen Li, National Taiwan University

Danilo D’Elia, Chaire Castex of Cyberstrategy / European Cyber Security Organisation

Vera Zakem, CNA Center for Stability and Development