Abstract
Recent analyses of international affairs highlight that states are increasingly exploiting the key position of some private industries in critical hubs of global economic networks to gain an advantage over their competitors. The key role of private companies in international competition has also significant implications in the cyber-domain, where private actors are the main owners of data and digital infrastructures. In contrast to those who see a transformative effect of cyber, this article draws on comparative political economy and defense policy to identify two different models of state-industry relations in the governance of cybersecurity. The theoretical framework distinguishes between public and private governance ecosystems and identifies different hypotheses on how states and industries interact in cybersecurity governance in France and in the UK. The French public governance is characterized by the presence of formal and informal relations between state and industries, a high degree of public investment in the private sector and centralized institutions. France has also used the EU mainly to advance its industrial interests. In contrast, the UK private governance is characterized by more arm's length relations between the state and industries and a less centralized system. Moreover, the UK, differently to France, has not used the EU channel to advance its industry-related preferences. These results confirm the macro-differences between public and private governance ecosystems and open new relevant avenues to investigate the interplay between political economy structures and European and international pressures in policy-areas with both economic and security implications.
Acknowledgements
We thank Andre Barrinha as well as the anonymous reviewers and the editors of Review of International Political Economy for comments and suggestions on earlier versions of this article. Antonio Calcara thanks the Department of Political Science of LUISS University for a scholarship on ‘Cybersecurity Governance’ (2019-2020) and the Research Foundation – Flanders (FWO) G054221N grant on ‘Competition and cooperation in European defence: private versus public governance and EU policy outcomes’.
Disclosure statement
No potential conflict of interest was reported by the author(s).
Notes
1 Our analysis takes into account the period both before and after the Brexit referendum in 2016.
2 Critical infrastructures are systems or assets so vital to a country that any extended incapacity or destruction of such systems would have a debilitating impact on security, the economy, national public health, or any combination of the above. The most frequently listed examples encompass banking and finance, government services, telecommunication and information and communication technologies, emergency and rescue services, energy and electricity, health services, transportation, logistics and distribution.
3 Thales has recently acquired Alcatel-Lucent's cyber security services activities.
4 Interview French cybersecurity firm representative 12/07/2019.
5 French Government, The Big Investment Plan 2018-2022. Retrieved from: https://www.gouvernement.fr/en/the-biginvestment-plan-2018-2022
6 The ECSO represent the industry-led contractual counterpart to the European Commission for the implementation of the Cyber Security contractual Public-Private Partnership (cPPP).
7 Interview with a British cybersecurity industry representative 14/11/2019.
8 Interview with a British cybersecurity industry representative 14/11/2019; Interview with a British industry representative 17/11/2019.
9 Interview British Defence Official 15/10/2019.
Additional information
Notes on contributors
Antonio Calcara
Antonio Calcara is Post-Doctoral Researcher in the Department of Political Science of the University of Antwerp, Belgium.
Raffaele Marchetti
Raffaele Marchetti is Full Professor in International Relations at the Department of Political Science of LUISS University, Italy.