ABSTRACT
Protecting critical infrastructure against cyber-attacks is a policy challenge arising from the disruptive potential of emerging digital technologies. Governments face difficult choices since cybersecurity is a public responsibility, but often a private task: Should they design their capacities hierarchically or rely on collaboration with private firms? We argue that choices depend on the institutional setting and the nature of the challenge. Our comparison of state-capitalist France with the market-capitalist United Kingdom corroborates our expectations that the former controls intermediaries more hierarchically and that both governments adopt a more assertive role when safeguarding against threats than when managing risks.
Disclosure statement
No potential conflict of interest was reported by the authors.
Notes
1. We would like to thank Richard Grieße for his excellent research assistance. This article also benefitted a lot from an excellent review process and constructive comments provided by the editors of the special issue. We also appreciate debates on cyberspace and critical infrastructure with participants of the SCIENCE-PEACE-SECURITY ‘19 conference proceedings in Darmstadt as well as with many great colleagues at the LMU Munich and the EUI in Florence.
2. Cf. National Information System Security Agency (ANSSI): https://www.ssi.gouv.fr/and National Cyber Security Council (NCSC): https://www.ncsc.gov.uk/Search terms were, inter alia, “vital operator”, “critical infrastructure”, “certification”, “budget”, “reporting”.
3. We would like to thank one of our anonymous reviewers for pointing towards this important future undertaking.