Journal Article - IEEE Security & Privacy
Regulating Cybersecurity: Institutional Learning or a Lesson in Futility?
Abstract
On 22 November 2013, the Federal Energy Regulatory Commission approved the latest version of mandatory cybersecurity regulations for the bulk electric system—known as Critical Infrastructure Protection (CIP) Reliability Standards. The CIP standards are relatively unique: they are developed through an unusual model of industry-led regulation that places industry, and not federal regulators, at the center of regulatory design and enforcement. The CIP regulations have received a significant amount of criticism. Critics argue that the regulations are incomplete at best and irreparably flawed at worst. The author examines the lessons we can learn from the CIP standards and poses a provocative question: Are the regulations actually a secret success?
Continue reading (log in may be required): http://doi.ieeecomputersociety.org/10.1109/MSP.2014.124
For more information on this publication:
Please contact
Science, Technology, and Public Policy
For Academic Citation:
Ellis, Ryan. “Regulating Cybersecurity: Institutional Learning or a Lesson in Futility?.” IEEE Security & Privacy, vol. 12. no. 6. (November-December 2014): 48-54 .
The Author
Ryan Ellis
- Affiliate, Cyber Security Project
- Former Associate, Cyber Security Project
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Video
- SNF Agora Institute
Election 2020 — Securing the Vote
Audio
- Pioneer Institute
Ballot Question 1: Risks & Regulations Regarding Right to Repair
Magazine Article
- Economist
Digital Dominance: A new global ranking of cyber-power throws up some surprises
In the Spotlight
Most Viewed
Policy Brief
- Quarterly Journal: International Security
The Future of U.S. Nuclear Policy: The Case for No First Use
Discussion Paper
- Belfer Center for Science and International Affairs, Harvard Kennedy School
Why the United States Should Spread Democracy
Abstract
On 22 November 2013, the Federal Energy Regulatory Commission approved the latest version of mandatory cybersecurity regulations for the bulk electric system—known as Critical Infrastructure Protection (CIP) Reliability Standards. The CIP standards are relatively unique: they are developed through an unusual model of industry-led regulation that places industry, and not federal regulators, at the center of regulatory design and enforcement. The CIP regulations have received a significant amount of criticism. Critics argue that the regulations are incomplete at best and irreparably flawed at worst. The author examines the lessons we can learn from the CIP standards and poses a provocative question: Are the regulations actually a secret success?
Continue reading (log in may be required): http://doi.ieeecomputersociety.org/10.1109/MSP.2014.124
The Author
Ryan Ellis
- Affiliate, Cyber Security Project
- Former Associate, Cyber Security Project
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Video - SNF Agora Institute
Election 2020 — Securing the Vote
Audio - Pioneer Institute
Ballot Question 1: Risks & Regulations Regarding Right to Repair
Magazine Article - Economist
Digital Dominance: A new global ranking of cyber-power throws up some surprises
In the Spotlight
Most Viewed
Policy Brief - Quarterly Journal: International Security
The Future of U.S. Nuclear Policy: The Case for No First Use
Discussion Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School
Why the United States Should Spread Democracy
