The New F-word: The case of fragmentation in Dutch cybersecurity governance external link

Mirzaei, P. & Busser, E. de
Computer Law & Security Review, vol. 55, num: 106032, 2024

Abstract

The fragmentation of the Dutch cybersecurity government landscape is a widely discussed phenomenon among politicians, policy makers, and cybersecurity specialists. Remarkably though, a negative narrative is underlying the idea of fragmentation, suggesting that we are dealing with a serious problem. A problem that has the potential of impeding cybersecurity governance in the Netherlands. This research zooms in on how cybersecurity governance is organised within the central government, and which organisations are concerned with the creation, implementation, and oversight of cybersecurity policies vis à vis Dutch society. This article provides an overview of all central government organisations (de Rijksoverheid) that are involved in cybersecurity governance on a strategic level. This research provides the first step in doctoral research into the possible implications of the fragmentation of cybersecurity governance in the Dutch central government, and how this fragmentation could potentially impact policy creation, implementation, and oversight. Based on the mapping of this governance landscape, it set out to measure fragmentation based on the number of units or organisations that are concerned with cybersecurity governance in the central government on a strategic level. This study has found that based on Boyne's (1992) notion of fragmentation and the Dutch governments’ definition of tiers, the Dutch cybersecurity governance landscape could indeed, when meticulously following Boyne's counting procedure, be regarded as fragmented.

cybersecurity, fragmentation, Internet governance, the netherlands

Bibtex

Article{nokey, title = {The New F-word: The case of fragmentation in Dutch cybersecurity governance}, author = {Mirzaei, P. and Busser, E. de}, url = {https://www.sciencedirect.com/science/article/pii/S0267364924000980}, doi = {https://doi.org/10.1016/j.clsr.2024.106032}, year = {2024}, date = {2024-11-15}, journal = {Computer Law & Security Review}, volume = {55}, number = {106032}, pages = {}, abstract = {The fragmentation of the Dutch cybersecurity government landscape is a widely discussed phenomenon among politicians, policy makers, and cybersecurity specialists. Remarkably though, a negative narrative is underlying the idea of fragmentation, suggesting that we are dealing with a serious problem. A problem that has the potential of impeding cybersecurity governance in the Netherlands. This research zooms in on how cybersecurity governance is organised within the central government, and which organisations are concerned with the creation, implementation, and oversight of cybersecurity policies vis à vis Dutch society. This article provides an overview of all central government organisations (de Rijksoverheid) that are involved in cybersecurity governance on a strategic level. This research provides the first step in doctoral research into the possible implications of the fragmentation of cybersecurity governance in the Dutch central government, and how this fragmentation could potentially impact policy creation, implementation, and oversight. Based on the mapping of this governance landscape, it set out to measure fragmentation based on the number of units or organisations that are concerned with cybersecurity governance in the central government on a strategic level. This study has found that based on Boyne\'s (1992) notion of fragmentation and the Dutch governments’ definition of tiers, the Dutch cybersecurity governance landscape could indeed, when meticulously following Boyne\'s counting procedure, be regarded as fragmented.}, keywords = {cybersecurity, fragmentation, Internet governance, the netherlands}, }

In China’s cyberwereld is niet vrijheid, maar gehoorzaamheid de norm external link

Het Financieele Dagblad, vol. 2018, 2018

China, cybersecurity, Informatierecht

Bibtex

Article{Arnbak2018j, title = {In China’s cyberwereld is niet vrijheid, maar gehoorzaamheid de norm}, author = {Arnbak, A.}, url = {https://axelarnbak.nl/2018/09/06/51e-fd-column-in-chinas-cyberwereld-is-niet-vrijheid-maar-gehoorzaamheid-de-norm/}, year = {0906}, date = {2018-09-06}, journal = {Het Financieele Dagblad}, volume = {2018}, pages = {}, keywords = {China, cybersecurity, Informatierecht}, }

Geen Spelen of verkiezingen zonder digitale oorlogsvoering external link

Het Financieele Dagblad, vol. 2018, 2018

China, cybersecurity, ddos, digitale oorlogsvoering, hacking, informatierect, Surveillance

Bibtex

Article{Arnbak2018b, title = {Geen Spelen of verkiezingen zonder digitale oorlogsvoering}, author = {Arnbak, A.}, url = {https://axelarnbak.nl/2018/03/25/45e-fd-column-geen-spelen-of-verkiezingen-zonder-digitale-oorlogsvoering/}, year = {0326}, date = {2018-03-26}, journal = {Het Financieele Dagblad}, volume = {2018}, pages = {}, keywords = {China, cybersecurity, ddos, digitale oorlogsvoering, hacking, informatierect, Surveillance}, }

Ziekenhuizen en energiebedrijven gaan wellicht boeten voor beveiligingsfouten: Nieuwe IT-wet bedoeld om ‘potentiële maatschappelijke ontwrichting’ te voorkomen external link

Het Financieele Dagblad, vol. 2017, 2017

beveiliging, cybersecurity, energiebedrijven, it, nederland, Privacy, ransomware, Telecommunicatierecht, toezicht, wetgeving, ziekenhuizen

Bibtex

Article{Arnbak2017b, title = {Ziekenhuizen en energiebedrijven gaan wellicht boeten voor beveiligingsfouten: Nieuwe IT-wet bedoeld om ‘potentiële maatschappelijke ontwrichting’ te voorkomen}, author = {Arnbak, A.}, url = {https://axelarnbak.nl/2017/10/05/40e-fd-column-ziekenhuizen-en-energiebedrijven-gaan-wellicht-boeten-voor-beveiligingsfouten/}, year = {1005}, date = {2017-10-05}, journal = {Het Financieele Dagblad}, volume = {2017}, pages = {}, keywords = {beveiliging, cybersecurity, energiebedrijven, it, nederland, Privacy, ransomware, Telecommunicatierecht, toezicht, wetgeving, ziekenhuizen}, }

China’s new cybersecurity law – effective as of 1 June 2017 external link

Staden ten Brink, R. van, Wang, J., Veldhoen, D. & Arnbak, A.
Trade Security Journal, vol. 2017, num: 2, pp: 27-29, 2017

Abstract

While China’s new cybersecurity law may appear vague, cumbersome and lacking clarity, one thing is clear and that is that international companies with any operations and/or activities in China should quickly assess if and how they are covered by the new legislation.

China, cybersecurity

Bibtex

Article{tenBrink2017, title = {China’s new cybersecurity law – effective as of 1 June 2017}, author = {Staden ten Brink, R. van and Wang, J. and Veldhoen, D. and Arnbak, A.}, url = {https://www.ivir.nl/publicaties/download/TSJ_2017_2.pdf}, year = {0721}, date = {2017-07-21}, journal = {Trade Security Journal}, volume = {2017}, number = {2}, pages = {27-29}, abstract = {While China’s new cybersecurity law may appear vague, cumbersome and lacking clarity, one thing is clear and that is that international companies with any operations and/or activities in China should quickly assess if and how they are covered by the new legislation.}, keywords = {China, cybersecurity}, }

Deltaplan voor online privacy & beveiliging external link

Het Financieele Dagblad, 2014

cybersecurity, data retention, ECHR, Grondrechten, hacking, NSA, Privacy, Surveillance, wiretapping

Bibtex

Article{nokey, title = {Deltaplan voor online privacy & beveiliging}, author = {Arnbak, A.}, url = {https://www.axelarnbak.nl/2014/11/04/derde-column-in-financieele-dagblad-deltaplan-online-privacy-en-beveiliging/}, year = {1106}, date = {2014-11-06}, journal = {Het Financieele Dagblad}, keywords = {cybersecurity, data retention, ECHR, Grondrechten, hacking, NSA, Privacy, Surveillance, wiretapping}, }

Any Colour You Like: the History (and Future?) of E.U. Communications Security Policy external link

2014

Abstract

This descriptive legal analysis maps and evaluates a four decade legacy of communications security conceptualizations in E.U. law and policy, including four legislative proposals launched in 2013. As the first comprehensive historical analysis of its kind, the paper forwards a range of new scientific contributions in a time secure electronic communications are of historically unparalleled societal, economic and political relevance. Five communications security policy cycles are identified, and their ‘security’ definitions and scope are described. These cycles are: network and information security, data protection, telecommunications, encryption and cybercrime. An evaluation of the current E.U. ‘security’ conceptualizations illuminates the underlying values at stake, the protection offered in current regulations, the formulation of six research themes and an agenda for computer science, political theory and legal research. Despite constitutional values at stake such as privacy and communications freedom and a robust computer science literature, the paper observes a deep lack of conceptual clarity and coherence in E.U. security policymaking. It then concludes that the observed conceptual ambiguity has allowed powerful stakeholders to capture, or paint E.U. network and information security policies in any colour they like.

Constitutional and administrative law, cybersecurity, Data protection, encryption, EU law, network and information security, securitization, Technologie en recht, the c.i.a.-triad

Bibtex

Presentation{nokey, title = {Any Colour You Like: the History (and Future?) of E.U. Communications Security Policy}, author = {Arnbak, A.}, url = {http://www.ivir.nl/publicaties/download/1421.pdf}, year = {1014}, date = {2014-10-14}, abstract = {This descriptive legal analysis maps and evaluates a four decade legacy of communications security conceptualizations in E.U. law and policy, including four legislative proposals launched in 2013. As the first comprehensive historical analysis of its kind, the paper forwards a range of new scientific contributions in a time secure electronic communications are of historically unparalleled societal, economic and political relevance. Five communications security policy cycles are identified, and their ‘security’ definitions and scope are described. These cycles are: network and information security, data protection, telecommunications, encryption and cybercrime. An evaluation of the current E.U. ‘security’ conceptualizations illuminates the underlying values at stake, the protection offered in current regulations, the formulation of six research themes and an agenda for computer science, political theory and legal research. Despite constitutional values at stake such as privacy and communications freedom and a robust computer science literature, the paper observes a deep lack of conceptual clarity and coherence in E.U. security policymaking. It then concludes that the observed conceptual ambiguity has allowed powerful stakeholders to capture, or paint E.U. network and information security policies in any colour they like.}, keywords = {Constitutional and administrative law, cybersecurity, Data protection, encryption, EU law, network and information security, securitization, Technologie en recht, the c.i.a.-triad}, }