Public-private collaboration in the form of different co- and self-regulatory frameworks in recent years has become an important part of fighting cybercrime and maintaining cybersecurity. However, the regulatory frameworks and approaches in this field are still in their infancy. The project aimed to support the collaboration between the public and private sectors by developing proposals for the improvement of collaboration frameworks and by fostering capacity-building activities.

The eco­sys­tem of figh­ting cy­ber­cri­me and main­tai­ning cy­ber­se­cu­ri­ty no­wa­days con­sists of in­ter­de­pen­dent in­ter­na­tio­nal and na­tio­nal ac­tors lin­ked to na­tio­nal in­for­ma­ti­on in­fra­struc­ture net­works and ser­vices, in­clu­ding fi­nan­ci­al and ban­king sys­tems, ener­gy sup­ply and com­mu­ni­ca­ti­on net­works. The over­all de­ve­lop­ment of the ICT net­works has be­en do­mi­na­ted and con­trol­led by pri­va­te in­dus­try with litt­le or no re­gu­la­ti­on in­vol­ved. As a re­sult, pri­va­te rat­her than pu­blic ac­tors fund, ma­na­ge and run In­ter­net and com­mu­ni­ca­ti­on net­works, in­clu­ding cri­ti­cal in­for­ma­ti­on in­fra­struc­ture. This si­tua­ti­on calls for new co­ope­ra­ti­ve mo­dels of re­gu­la­ti­on and en­for­ce­ment bet­ween go­ver­n­ments and pri­va­te in­dus­try.

The com­mon no­ti­on, which do­mi­na­ted in the past de­ca­de, is that cy­ber­se­cu­ri­ty and cri­ti­cal in­for­ma­ti­on in­fra­struc­ture pro­tec­ti­on re­qui­re pu­blic-pri­va­te col­la­bo­ra­ti­on, hands-off re­gu­la­ti­on and re­co­gni­ti­on of the si­gni­fi­cant ro­le that in­dus­try plays in se­cu­ring the in­for­ma­ti­on net­works. The in­cre­a­sing de­pen­den­cy on cri­ti­cal in­for­ma­ti­on in­fra­struc­tu­res, ho­we­ver, ha­ve led to a shift in po­li­cy ma­king in the past few years and to calls for hier­ar­chi­cal top-down com­mand-and-con­trol so­lu­ti­ons. Re­cent dis­cus­si­ons and le­gis­la­ti­ve de­ve­lop­ments, espe­ci­al­ly at the le­vel of the EU and its mem­ber states, rai­se ma­ny con­cerns about shif­ting the ba­lan­ce in cy­ber­se­cu­ri­ty from col­la­bo­ra­ti­on to hea­vier re­gu­la­ti­on. With all the sub­stan­ti­al ef­forts that ha­ve al­rea­dy be­en ta­ken to build so­lu­ti­ons for co- and self-re­gu­la­ti­on in figh­ting cy­ber­cri­me and ad­dres­sing cy­ber­se­cu­ri­ty threats, the shift from sup­por­ting vo­lun­ta­ry ap­proa­ches to state coer­ci­on might ne­glect the trust and ca­pa­ci­ty that ha­ve al­rea­dy be­en built. The dif­fe­rences bet­ween na­tio­nal ap­proa­ches to col­la­bo­ra­ti­on and dif­fe­rent le­vels of trust bet­ween in­dus­try and go­ver­n­ments at the na­tio­nal le­vel crea­te fur­ther ten­si­ons and frag­men­ta­ti­on of the re­gu­la­to­ry ap­proa­ches to pu­blic-pri­va­te col­la­bo­ra­ti­on in figh­ting cy­ber­cri­me and in cy­ber­se­cu­ri­ty.

The aim of the pro­ject was to pro­vi­de in­put to­wards sol­ving the pro­blem of fin­ding ap­proa­ches to pu­blic-pri­va­te co­ope­ra­ti­on in this field by, first, aca­de­mic re­se­arch and, se­cond, ca­pa­ci­ty-buil­ding ef­forts. The pro­ject in­clu­ded the stu­dy of ap­proa­ches to self- and co-re­gu­la­ti­on in figh­ting cy­ber­cri­me and pro­vi­ding cy­ber­se­cu­ri­ty – from ad hoc and ac­ci­den­tal col­la­bo­ra­ti­on to mo­re struc­tu­red ap­proa­ches. Fur­ther­mo­re, it com­pa­red co- and self-re­gu­la­to­ry mo­dels exis­ting in dif­fe­rent ju­ris­dic­ti­ons, espe­ci­al­ly in the Eu­ro­pean Uni­on. Last­ly, the pro­ject ex­ami­ned the is­sue of achie­ving the ba­lan­ce bet­ween hands-off re­gu­la­ti­on and sta­tu­to­ry in­ter­ven­ti­on, and it ana­ly­zed the pro­blems and dra­w­backs of dif­fe­rent forms of re­gu­la­ti­on. Ano­ther goal of the pro­ject was to con­tri­bu­te to ca­pa­ci­ty buil­ding and dia­logue among in­dus­try, go­ver­n­ments and ci­vil so­cie­ty in buil­ding con­fi­dence and trust, im­pro­ving the chan­nels for col­la­bo­ra­ti­on and de­ve­lo­ping cle­ar fra­me­works for self- and co-re­gu­la­ti­on in mat­ters of cy­ber­cri­me and cy­ber­se­cu­ri­ty.

The pro­ject re­sul­ted in the pu­bli­ca­ti­on of a book in co-au­t­hor­ship with an in­dus­try re­pre­sen­ta­ti­ve (Tro­pi­na, Ta­tia­na & Calla­nan, Cor­mac, (2015) Self- and Co-re­gu­la­ti­on in Cy­ber­cri­me, Cy­ber­se­cu­ri­ty and Na­tio­nal Se­cu­ri­ty). Fur­ther­mo­re, so­me of the re­sults of the pro­ject we­re re­flec­ted on in other pu­bli­ca­ti­ons on spe­ci­fic is­su­es re­la­ted to cy­ber­cri­me and se­cu­ri­ty, e.g. a back­ground pa­per on di­gi­tal tech­no­lo­gies and il­li­cit fi­nan­ci­al flows for the World Bank’s Word De­ve­lop­ment Re­port 2016, etc. The re­sults and fin­dings of the pro­ject we­re ap­p­lied to dif­fe­rent ca­pa­ci­ty-buil­ding ef­forts, such as trai­ning re­pre­sen­ta­ti­ves from law en­for­ce­ment, in­dus­try and ci­vil so­cie­ty at dif­fe­rent ca­pa­ci­ty buil­ding events, or­ga­ni­zed and sup­por­ted by the Eu­ro­pean Ju­di­ci­al Trai­ning Net­work, Aca­de­my of Eu­ro­pean Law, the Dutch go­ver­n­ment, and other sta­ke­hol­ders.