Bottoms Up: A Comparison of Voluntary Cybersecurity Frameworks

UC Davis Business Law Journal, 2016, Forthcoming

Kelley School of Business Research Paper No. 16-2

39 Pages Posted: 12 Dec 2015

See all articles by Scott Shackelford

Scott Shackelford

Indiana University - Kelley School of Business - Department of Business Law; Harvard Kennedy School Belfer Center for Science & International Affairs; Center for Applied Cybersecurity Research; Stanford Center for Internet and Society; Stanford Law School

Scott Russell

Indiana University Bloomington - Center for Applied Cybersecurity Research

Jeffrey Haut

Indiana University Maurer School of Law

Date Written: December 10, 2015

Abstract

Although there is a spectrum of cybersecurity regulatory frameworks emerging around the world ranging from more state-centric approaches to voluntary initiatives, more and more nations — including the United States — seem to be settling on a bottom-up approach to enhancing private-sector cybersecurity. Emblematic of this movement in the U.S. context is the 2014 National Institute for Standards and Technology (NIST) Cybersecurity Framework. This Framework, which is comprised partly of regularly updated cybersecurity best practices, has already been influential in shaping the field of cybersecurity due diligence not only in the United States, but also in nations ranging from Canada to India. However, there has not yet been a thorough examination of the similarities and differences between these various bottom-up approaches and the extent to which they are promoting the harmonization of cybersecurity best practices. This Article addresses this omission by investigating a subset of national approaches to cybersecurity policymaking highlighting the extent to which they are converging and diverging using the NIST Framework as a baseline for comparison. Such an understanding is vital not only to businesses operating across these jurisdictions, but also to policymakers seeking to leverage the expertise of the private sector in promoting cyber peace.

Keywords: cybersecurity, cyber attack, international law, comparative law

Suggested Citation

Shackelford, Scott J. and Russell, Scott and Haut, Jeffrey, Bottoms Up: A Comparison of Voluntary Cybersecurity Frameworks (December 10, 2015). UC Davis Business Law Journal, 2016, Forthcoming; Kelley School of Business Research Paper No. 16-2. Available at SSRN: https://ssrn.com/abstract=2702039

Scott J. Shackelford (Contact Author)

Indiana University - Kelley School of Business - Department of Business Law ( email )

Bloomington, IN 47405
United States

Harvard Kennedy School Belfer Center for Science & International Affairs ( email )

79 JFK Street
Cambridge, MA 02138
United States

Center for Applied Cybersecurity Research ( email )

Wylie Hall 105
100 South Woodlawn
Bloomington, IN 47405
United States

Stanford Center for Internet and Society ( email )

Palo Alto, CA
United States

Stanford Law School ( email )

Stanford, CA 94305
United States

Scott Russell

Indiana University Bloomington - Center for Applied Cybersecurity Research ( email )

Wylie Hall 105
100 South Woodlawn
Bloomington, IN 47405
United States

Jeffrey Haut

Indiana University Maurer School of Law

211 S. Indiana Avenue
Bloomington, IN 47405
United States

Register to save articles to
your library

Register

Paper statistics

Downloads
433
rank
64,955
Abstract Views
1,485
PlumX Metrics
!

Under construction: SSRN citations will be offline until July when we will launch a brand new and improved citations service, check here for more details.

For more information