Proactive Cybersecurity: A Comparative Industry and Regulatory Analysis

63 Pages Posted: 6 Mar 2015 Last revised: 10 Mar 2015

See all articles by Amanda Craig

Amanda Craig

Indiana University Maurer School of Law

Scott Shackelford

Indiana University - Kelley School of Business - Department of Business Law; Harvard Kennedy School Belfer Center for Science & International Affairs; Center for Applied Cybersecurity Research; Stanford Center for Internet and Society; Stanford Law School

Janine S. Hiller

Virginia Polytechnic Institute & State University

Date Written: March 4, 2015

Abstract

This Article analyzes recent business realities and regulatory trends shaping the proactive cybersecurity industry. To provide a framework for our discussion, we begin by describing the historical development of the industry and how it has been shaped by the applicable law in the United States and other G8 nations. We then catalogue the proactive cybersecurity practices of more than twenty companies, focusing on four case studies that we consider in the context of polycentric “global security assemblages.” Finally, we assess the emergence of proactive cybersecurity norms, both within industry and international law, and consider the implications of this movement on contemporary Internet governance debates about the role of the public and private sectors in regulating cyberspace. Ultimately, we maintain that proactive cybersecurity, especially if pursued with improved legal clarity and global cooperation, demonstrates an opportunity for polycentric partnerships to result in better protected IT assets.

Keywords: cybersecurity, active defense, hack back, international law, comparative law, polycentric governance

Suggested Citation

Craig, Amanda and Shackelford, Scott J. and Hiller, Janine S., Proactive Cybersecurity: A Comparative Industry and Regulatory Analysis (March 4, 2015). American Business Law Journal, 2015. Available at SSRN: https://ssrn.com/abstract=2573787

Amanda Craig

Indiana University Maurer School of Law ( email )

211 S. Indiana Avenue
Bloomington, IN 47405
United States

Scott J. Shackelford (Contact Author)

Indiana University - Kelley School of Business - Department of Business Law ( email )

Bloomington, IN 47405
United States

Harvard Kennedy School Belfer Center for Science & International Affairs ( email )

79 JFK Street
Cambridge, MA 02138
United States

Center for Applied Cybersecurity Research ( email )

Wylie Hall 105
100 South Woodlawn
Bloomington, IN 47405
United States

Stanford Center for Internet and Society ( email )

Palo Alto, CA
United States

Stanford Law School ( email )

Stanford, CA 94305
United States

Janine S. Hiller

Virginia Polytechnic Institute & State University ( email )

Blacksburg, VA 24061
United States

Register to save articles to
your library

Register

Paper statistics

Downloads
699
rank
35,063
Abstract Views
2,531
PlumX Metrics
!

Under construction: SSRN citations while be offline until July when we will launch a brand new and improved citations service, check here for more details.

For more information