The last two decades have revealed the vulnerability of privately owned "critical infrastructure" – the power grid, pipelines, financial networks, and other vital systems – to cyberattack. The central U.S. response to this challenge has been a series of sectoral "partnerships" with private owner-operators of critical infrastructure, involving varying degrees of regulation. Qualitative analysis based on in-depth interviews with over 40 policymakers and senior private sector managers, as well as public documents, reveals considerable variation in how well this approach has worked in practice. The main predictors of policy success appear to be (a) the nature of the cyber threat to firms' operations and (b) regulatory pressure on firms. However, other factors – such as the nature of intra-industry competition – also affect how well the current regime works in specific sectors. Our findings have implications for public administration on civilian cybersecurity, as well as ramifications for regulation in other policy domains.

Evidence for Practice
• Collaboration between business and government in cybersecurity is distinct from conventional public-private partnerships designed to address capital markets failures, in that it must be highly flexible and adaptive.
• Cybersecurity policies should be tailored to critical infrastructure sectors or subsectors, to take into account the nature of industry competition, the size and complexity of the sector, and longstanding relationships between business and the government in the sector.
• Government agencies that possess a strong historical relationship to their assigned sector, expertise in cyber, and resources to help firms are better able than other lead agencies to build an effective cybersecurity partnership with industry.
• Irrespective of sector, collaboration between the government and private owner-operators of critical infrastructure requires a high level of trust, often built through personal relationships and then reinforced through iterated interactions.

Critical infrastructure refers to the systems that undergird modern society: the power grid that provides electricity to businesses and households, financial networks that allow the market economy to function, water and sewerage systems, and the like (Alcaraz and Zeadally 2015; CIPA 2001; DHS 2019). Because ordinary operations in these sectors are increasingly digitalized, and because the hardware and software components of these systems often have exploitable features (NIST 2019), much of this infrastructure is susceptible to cyberattack (Clinton and Perera 2016; Johnson 2015). The increasing connectivity of critical infrastructures to other networks, including the internet, has exacerbated this vulnerability (inter alia Clinton 2016; Speake 2015; Johnson 2015). Not only do attacks threaten targeted firms and sectors themselves, but they could also potentially trigger cascading failures (
The US Financial Services Sector (FSS) is commonly regarded as one of the most successful in addressing cybersecurity through public–private partnership and as a potential model for less advanced sectors. However, how well the sector has actually fared remains poorly understood. Based on publicly available material and in-depth interviews with those intimately involved in business–government collaboration on cybersecurity in the FSS, we analyze how and why collaboration evolved into its current form. We find that considerable gaps remain, which both reveal limitations in the current policy framework for the FSS and suggest lessons for other critical infrastructure sectors.
Securing privately owned critical infrastructure from cyberattacks poses a novel challenge for the modern regulatory state. In this domain, the interests of the government are only partly aligned with those of nongovernmental owner-operators, necessitating some sort of state action. However, because (1) security conditions change swiftly and (2) the information and tools necessary for effective planning and response are distributed across the private and public sectors, standard regulatory tools are unlikely to produce security. "Integration of effort," which involves intensive strategic and operational collaboration between systemically important firms and the government, is a more promising approach.

Evidence for Practice
• The dominant U.S. approach to cybersecurity for critical infrastructure – "voluntary partnership" between industry and government – is inadequate to the objective of ensuring continuity of operations.
• Cybersecurity mandates aimed at private owner-operators of critical infrastructure, which have been contemplated by successive Administrations and Congress, would prove cumbersome, costly, and ineffective.
• The best approach for protecting critical infrastructures against well-resourced threat actors (such as foreign nation-states) is "integration of effort." This model would leverage the distinctive capabilities and authorities of private owner-operators and the government to efficiently (1) identify vulnerabilities and threats; (2) steer investment toward where it is most needed; and (3) prevent, disrupt, or mitigate the damage from cyberattacks on critical systems. One institutional instantiation of integration of effort is a joint "war room" that includes representatives of the relevant federal agencies and a few dozen systemically.
Perestroika brought important changes to the place in