Abstract
The literature on risk and regulatory governance has barely heeded the institutionalization of cybersecurity regulatory practices by national policy regimes. As the role of the state in cybersecurity governance is gradually expanding, we still lack an empirical and theoretical understanding of how the regulatory state copes with the cybersecurity governance challenge. Therefore, we ask how the role of the state has expanded in leading cybersecurity governance efforts? What characteristics of cybersecurity governance challenge the regulatory state? And how the Israeli cybersecurity regulatory regime has been addressing those challenges? We trace the literature on the new roles of the state in cybersecurity governance and build an analytical framework based on the challenging characteristics of cybersecurity governance. We then conduct an in-depth case study analysis of the Israeli cybersecurity regulatory regime. In contrast to arguments about the inability of the state to cope with dynamic technological changes, we find that the state is ever more relevant, restructuring the government and creating new methods, institutional settings, and incentives to cope with the cybersecurity governance problem. The intersection of cybersecurity with the regulatory state creates new avenues of regulatory development, shedding light on new directions for regulatory governance in the digital age.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abbott, K. W., Levi-Faur, D., & Snidal, D. (2017). Theorizing regulatory intermediaries. The ANNALS of the American Academy of Political and Social Science, 670(1), 14–35.
Acre, I. (2003). The weakest link revisited. IEEE Security & Privacy, 1(2), 72–76.
Boeke, S. (2017). National cyber crisis management: Different European approaches. Governance, 31, 449–464.
Bughin, J., LaBerge, L., & Mellbye, A. (2017). The case of digital reinvention. Mckinsey.com. Accessible here: https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/the-case-for-digital-reinvention.
Carr, M. (2016). Public-private partnerships in national cyber-security strategies. International Affairs, 92(1), 43–62.
Coglianese, C., & Lazer, D. (2003). Management-based regulation: Prescribing private management to achieve public goals. Law & Society Review, 37(4), 691–730.
Cohen, J. (2016). The regulatory state in the information age. Technical Inqueries in Law, 17(2), 369–414.
Constable, S. (2018). Why we should not regulate the tech industry. Forbes.com. Accessible here: https://www.forbes.com/sites/simonconstable/2018/03/26/no-we-really-dont-need-government-regulation-of-the-tech-industry/#1c1a771deb8d.
Dullien, T. (2017). Weird machines, exploitability, and provable non-exploitability. IEEE Transactions on Emerging Topics in Computing.
Dunn Cavelty, M., & Egloff, F. J. (2019). The politics of cybersecurity: Balancing different roles of the state. St Antony’s International Review, 15(1), 37–57.
Dunn Cavelty, M., & Suter, M. (2009). Public-private partnerships are no silver bullet: An expanded governance model for critical infrastructure protection. International Journal of Critical Infrastructure Protection, 2(4), 179–187.
Eckert, S. (2005). Protection critical infrastructure—The role of the private sector. In P. Dombrowski (Ed.), Guns and butter: The political economy of international security. Boulder, CO: Lynne Rienner.
Eichensehr, K. E. (2015). The cyber-law of nations. The Georgetown Law Journal, 103, 317–380.
Eichensehr, K. E. (2017). Public-private cybersecurity. Texas Law Review, 95, 466–538.
Etzioni, A. (2011). Cybersecurity in the private sector. Issues in Science and Technology, 28(1).
Finnemore, M., & Hollis, D. (2016). Constructing norms for global cybersecurity. The American Journal of International Law, 110(3), 425–479.
Gal-Or, E., & Ghose, A. (2005). The economic incentives for sharing security information. Information Systems Research, 16(2), 186–208.
Genschel, P., & Jachtenfuchs, M. (2013). Beyond the regulatory polity? The European integration of core state powers. New York: Oxford University Press.
Goldin, I., & Mariathasan, M. (2014). The butterfly defect: How globalization creates systemic risks, and what to do about it. Princeton: Princeton University Press.
Gunningham, N., Grabosky, P., & Sinclair, D. (1998). Smart Regulation: Designing environmental policy. Oxford: Oxford University Press.
Harknett, R. J., & Stever, J. A. (2011, May/June). The new policy world of cybersecurity. Public Administration Review, 71(3), 455–460.
Hiller, J. S., & Russel, R. S. (2013). The challenge and imperative of private sector cybersecurity: An international comparison. Computer Law & Security Review, 29, 236–245.
Kemp, S. (2019). Digital 2019: Global digital overview. datareportal.com. Accessible here: https://datareportal.com/reports/digital-2019-global-digital-overview.
Klinke, A., & Renn, O. (2011). Adaptive and integrative governance on risk and uncertainty. Journal of Risk Research, 15(3), 273–292.
Knowles, R. (2017). Warfare as regulation. Washington and Lee Law Review, 74(4), 1953–2043.
Kuerbis, B., & Badiei, F. (2017). Mapping the cybersecurity institutional landscape. Digital Policy, Regulation and Governance, 19(6), 466–492.
Levi-Faur, D. (2005). The global diffusion of regulatory capitalism. The ANNALS of the American Academy of Political and Social Science, 598(1), 12–32.
Levi-Faur, D. (2011). Regulation and regulatory governance. In D. Levi-Faur (Ed.), Handbook on the politics of regulation. Cheltenham: Edward Elgar.
Liff, A. (2012). Cyberwar: A new ‘absolute weapon’? The proliferation of cy-berwarfare capabilities and interstate war. Journal of Strategic Studies, 35(3), 401–428.
Marchant, G., Sylvester, D. J., & Abbott, K. W. (2008). Risk management principles for nanotechnology. Nanoethics, 2(1), 43–60.
Mueller, M. (2017). Is cybersecurity eating internet governance? Causes and consequences of alternative framings. Digital Policy, Regulation and Governance, 19(6), 415–428.
Mueller, M. (2019). Against Sovereignty in cyberspace. International Studies Review, viz044. https://doi.org/10.1093/isr/viz044.
Quigley, K., & Roy, J. (2012). Cyber-security and risk management in an interoperable world: An examination of governmental action in North America. Social Science Computer Review, 30(1), 83–94.
Renn, O., Klinke, A., & van Asselt, M. (2011). Coping with complexity, uncertainty, and ambiguity in risk governance: A synthesis. Ambio, 40(2), 231–246.
Renn, O., Lucas, K., Haas, A., & Jaeger, C. (2017). Things are different today: The challenge of global systemic risks. Journal of Risk Research, 22(4), 401–415.
Rid, T. (2012). Cyber war will not take place. Journal of Strategic Studies, 35(1), 5–32.
Risse, T. (2011). Governance without a state: Policies and politics in areas of limited statehood. New York: Columbia University Press.
Rosenau, J. N., & Czempiel, E. (Eds.). (1992). Governance without Government: Order and change in world politics. Cambridge: Cambridge University Press.
Siboni, G., & Sivan-Sevilla, I. (2018a). The role of the state in the private-sector cybersecurity challenge. The Blog of Georgetown Journal of International Affairs. Available here.
Siboni, G., & Sivan-Sevilla, I. (2018b). Cybersecurity Regulations at the Private Sector: A Comparative Analysis of U.S., EU, UK, France, Germany, and Israel (Research Memorandum 180, INSS). Tel-Aviv, Israel.
Sivan-Sevilla, I. (2018). Complementaries and contradictions: National security and privacy risks in U.S. federal policy, 1968–2018. Policy & Internet, 11(2), 172–214.
Sivan-Sevilla, I. (2019). Framing and governing cyber risks: Comparative analysis of US federal policies [1996–2018]. Journal of Risk Research. https://doi.org/10.1080/13669877.2019.1673797.
Slayton, R., & Clark-Ginsberg, A. (2017). Beyond regulatory capture: Coproducing expertise for critical infrastructure protection. Regulation & Governance, 12(1), 115–130.
Tabansky, L., & Ben Israel, I. (2015). Cybersecurity in Israel. SpringerBriefs in Cybersecurity.
Thaw, D. (2013). The Efficacy of cybersecurity regulation. Georgia State University Law Review, 30(2), 1.
Thaw, D. (2014). Enlightened regulatory capture. Washington Law Review, 89, 329–377.
U.S. Government Accountability Office (GAO). (2017). Cybersecurity: Actions Needed to Strengthen U.S. Capabilities. Testimony before the Subcommittee on Research and Technology, Committee on Science, Space, and Technology, House of Representatives.
Valeriano, B., & Maness, R. C. (2014). The dynamics of cyber conflict between rival antagonists, 2001–11. Journal of Peace Research, 51(3), 347–360.
Van Eeten, M. (2017). Patching security governance: An empirical view of emergent governance mechanisms for cybersecurity. Digital Policy, Regulation and Governance, 19(6), 429–448.
Warner, M. (2015). Cybersecurity: A pre-history. Intelligence and National Security, 27, 781–799.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Author(s)
About this chapter
Cite this chapter
Sivan-Sevilla, I., Sharvit, S. (2021). When Cybersecurity Meets the Regulatory State: Case-Study Analysis of the Israeli Cybersecurity Regulatory Regime. In: Tevet, E., Shiffer, V., Galnoor, I. (eds) Regulation in Israel. Palgrave Macmillan, Cham. https://doi.org/10.1007/978-3-030-56247-2_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-56247-2_8
Published:
Publisher Name: Palgrave Macmillan, Cham
Print ISBN: 978-3-030-56246-5
Online ISBN: 978-3-030-56247-2
eBook Packages: Political Science and International StudiesPolitical Science and International Studies (R0)