Governing through crisis. Conflict, crises and the politics of cyberspace | Online Conference | 9-11 November 2021
Register for free now

< Return to program overview

Panel 3

|

Emerging Cyber Orders: Nations, Regions, and Peripheries

Cristina Del-Real

Dr. Cristina Del-Real holds a PhD in cybersecurity governance from the University of Cádiz. For her doctoral thesis, she explored the institutional landscape and the collaboration agreements between cybersecurity actors by conducting a Delphi study and interviews with high-profile participants such as government officials, police officers, intelligence agents, hackers and company executives. She also holds a Bachelor’s Degree in Criminology from the University of Sevilla and a Master’s Degree in Criminal Justice and Security Studies from the University of Cádiz. She was visitor researcher at the Center for Urban Informatics and Progress at the University of Tennessee and the Scottish Centre for Crime and Justice Research at the University of Glasgow. Her research interests include cybersecurity governance, plural policing, public acceptance of technologies for security applications, and the public perceptions of the intelligence agencies. She is also an active Board Member of the Spanish Network of Early-Career Researchers in Criminology.

Twitter: @Cridelcas

LinkedIn: Cristina Del-Real

Antonio Díaz-Fernández

Prof. Antonio Díaz-Fernández is Associate Professor of Criminal Law at the University of Cádiz. He holds a PhD in Political Science and Administration from the University of Barcelona and a Master’s Degree in Peace, Security and Defence awarded by the University Institute ‘General Gutiérrez Mellado’ in Madrid. He has been a visiting researcher at the International Centre for Security Analysis (King’s College, London) and Brunel Centre for Security and Intelligence Studies (Brunel University, London) and the University of Glasgow. His most recent research project as Principal Investigator is "Technology and social control: Foundations for a democratic security governance in Andalusia" (2021-2023). He is vice-dean of the Faculty of Law and deputy editor of The International Journal of Intelligence, Security, and Public Affairs.

Abstract

Keynote

The future of the governance of cybersecurity in Spain: A Delphi forecasting study

In recent years, states have been developing plans, policies, and creating agencies to improve their capacity to prevent, detect, and investigate cybercrime. However, combating cybercrime entails numerous challenges as it takes place in an environment without physical borders and where anonymity is the rule: cyberspace. Criminological research has repeatedly found that police organisations failed to adapt quickly to the fight against cybercrime. As a result, new public and private organisations have emerged as providers of cybersecurity. Given the potential negative impact of an inadequate societal response to cybercrime, an analysis of future scenarios that will characterise cybersecurity governance is required to identify present and future weaknesses and threats. Therefore, this paper explore the model of cybersecurity governance perceived to be most likely for Spain in 2035. Using a Delphi design and in-depth interviews with cybersecurity 110 experts from government, police and military agencies, industry and academia, we develop and evaluate different 20 scenarios addressing cybersecurity coordination, cybersecurity distribution, market organization and cybersecurity provision. The final model is built from the seven Delphi scenarios with the highest consensus regarding the likelihood of occurrence. We find that cybersecurity experts predict a hybrid model in which the state will have the role of coordinating and supervising private cybersecurity providers. According to experts, the spread of the idea of cybersecurity as a public good is likely to mobilize public institutions against the growing monopoly of large ICT corporations. For this reason, cybersecurity governance is moving towards a model in which the activity of private actors will be legitimised through public regulatory processes. The role of Spanish and European agencies will be to regulate cybersecurity policies and to ensure that the activities of private companies are aligned with the general interests of the citizens. We complement this most probable model of cybersecurity governance with a discussion of the controversial or extreme scenarios.