Blessed Are The Lawyers, For They Shall Inherit Cybersecurity

Woods, Daniel; Ceross, Aaron

doi:10.1145/3498891.3501257

Cited by 2 publications

References 97 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Regulating digital security by design? Implications of the perspectives from DSbD programme stakeholders

Slesinger,

Panteli,

Coles-Kemp

2024

ICS

View full text Add to dashboard Cite

Purpose As part of the growing necessity for inter-organisational and multi-disciplinary interaction to facilitate complex innovation in digital security, there needs to be greater engagement with regulation in the innovation process. This is particularly true in the case of security technologies that are embedded within wider systems and that are largely invisible to most of the users of that system. This paper aims to describe stakeholders’ perspectives on regulation in the digital security innovation process and evaluates the implications of these perspectives on anticipatory regulation in digital security. Design/methodology/approach Using a qualitative methodology based on semi-structured expert interviews and ethnographic participant observation, the study draws on the authors’ involvement in a formally organised programme of academia–industry–government collaboration called Digital Security by Design (DSbD). Findings The study highlights a relational dimension to establishing regulatory responsibilities that is enabled through interdisciplinary dialogue. The study contributes to understanding the multifaceted roles of regulation in digital security innovation across organisations and areas of expertise. It does so by identifying four themes in how regulation is perceived in the DSbD programme: ethical imperative, adding value, adoption lever and passive compliance. Practical implications Incorporating regulatory responsibilities through dialogue early in the innovation process, rather than only once a security technology’s deleterious effects are noticeable, which could make digital innovation and transformation safer and better regulated. It can also make regulation successfully adopted, rather than an exercise in damage control or an adversarial process between regulators and organisations. Originality/value This paper presents original empirical research on how regulation is considered by stakeholders in a novel multi-disciplinary digital security innovation process. It then uses these findings as a basis to evaluate the implications for establishing regulatory responsibilities for a class of security technologies that are embedded within wider systems and that are largely invisible to most of the users of those wider systems.

show abstract