Embed Size (px)
Citation preview
Bridging the Gap: Theory and Practice in Cybersecurity Policy
Johan Eriksson
The Swedish Institute of International Affairs
www.ui.se
Two major challenges
Bridging the gap between political and technical expertise
Bridging the gap between theory and practice
Bridging the gap between political and technical expertise Technical experts dominate research and development in
cybersecurity How? Why? Is this a problem?
Social science can help answer questions about for example: The political context of cybersecurity The identity, motives, and organizational forms of adversaries The symbolic-political effects of attacks and countermeasures Obstacles and opportunities for policy coordination across
bureucratic, public-private, and international boundaries
How to bridge the gap between political and technical expertise Insightful individuals in both camps must take the
lead Appreciate that it takes time to reach an
understanding of each others’ perspectives Do not seek a single joint approach: see differences
in methodology as complementary advantages Join focus on concrete issues, such as particular
events or infrastructures Economic incentive: cross-disciplinary collaboration
is supported by major research funds Fora for cross-disciplinary research, e.g. Journal of
Information Technology & Politics
Swedish research collaboration on cybersecurity CATS/National Defence College and the Swedish Institute of
International Affairs Information operations, cybersecurity, threat analysis Social science approach
National IT security research network for PhD students (computer science)
Defence Research Establishment (mainly technical expertise) Royal Technical University, and Kista Science Center
Technical expertise, computer science Lindholmen Science Park, Security Arena (lindholmen.se)
Public-private partnership (Ericsson, IBM, Volvo, Chalmers Technical University, Göteborg University)
Crisis management and CIP, computer science focus
How to bridge the gap between theory and practice From research and analysis to policy and
action
The two cultures
What can researchers contribute with?
Conditions for policy impact
Usable research?
Research as data – instrumental utilization Improving the factual knowledge-base of policy
Research as ideas – conceptual utilization Shaping practitioners’ understanding of the nature and
consequences of problems and alternative responses
Research as arguments – symbolical utilization Legitimating decisions which have already been made, or
supporting critique of decisions
Conditions for utilization
Research as data is more likely to be used: When there is consensus on values and
interests Absence of conflict within and between
agencies When decision makers (or their staff) are
analytically sophisticated When input of research into policy is
institutionalized
Conditions for utilization, continued Research as ideas is more likely to be used: When a crisis opens opportunities for reform,
creating a demand for new ideas When there is consensus that there is a need
for a new policy When decision makers are intellectually
inclined (”thinkers” more than ”doers) When a new idea fits within the overarching
policy paradigm
Conditions for utilization, continued Research as arguments is more likely to be
used: In parliaments and in courts When there is conflict over basic values and
interests After the fact: when decisions have already
been made
If you have lots of time to read:Eriksson, J. & G. Giacomello, eds (2007) International Relations and Security in the Digital Age (Routledge).
Eriksson, J. & G. Giacomello (2006) The Information Revolution, Security, and International Relations: (IR)relevant Theory?, International Political Science Review, 27(3): 221-244.
Eriksson, J. (2006) Power Disparity in the Digital Age. In O.F. Knudsen (ed.) Security Strategies, Power Disparity and Identity: The Baltic Sea Region (Ashgate Publishing).
Contact:[email protected]
Tel +46 (0)8 511 768 21
Thank You!
