Journal Article - IEEE Security & Privacy
Regulating Cybersecurity: Institutional Learning or a Lesson in Futility?
Abstract
On 22 November 2013, the Federal Energy Regulatory Commission approved the latest version of mandatory cybersecurity regulations for the bulk electric system—known as Critical Infrastructure Protection (CIP) Reliability Standards. The CIP standards are relatively unique: they are developed through an unusual model of industry-led regulation that places industry, and not federal regulators, at the center of regulatory design and enforcement. The CIP regulations have received a significant amount of criticism. Critics argue that the regulations are incomplete at best and irreparably flawed at worst. The author examines the lessons we can learn from the CIP standards and poses a provocative question: Are the regulations actually a secret success?
Continue reading (log in may be required): http://doi.ieeecomputersociety.org/10.1109/MSP.2014.124
For more information on this publication:
Please contact
Science, Technology, and Public Policy
For Academic Citation:
Ellis, Ryan. “Regulating Cybersecurity: Institutional Learning or a Lesson in Futility?.” IEEE Security & Privacy, vol. 12. no. 6. (November-December 2014): 48-54 .
The Author
Ryan Ellis
- Affiliate, Cyber Security Project
- Former Associate, Cyber Security Project
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Analysis & Opinions
- The Hill
We Must Sustain America’s Big Tech Engines of Innovation
Analysis & Opinions
- Foreign Policy
Why the U.S. Should Not Ban TikTok
Analysis & Opinions
- Slate
Everything Is Hackable
In the Spotlight
Most Viewed
Analysis & Opinions
- Foreign Policy
America Is Too Scared of the Multipolar World
Analysis & Opinions
- Project Syndicate
What Caused the Ukraine War?
Analysis & Opinions
- New Straits Times
Gorbachev and the End of the Cold War
Abstract
On 22 November 2013, the Federal Energy Regulatory Commission approved the latest version of mandatory cybersecurity regulations for the bulk electric system—known as Critical Infrastructure Protection (CIP) Reliability Standards. The CIP standards are relatively unique: they are developed through an unusual model of industry-led regulation that places industry, and not federal regulators, at the center of regulatory design and enforcement. The CIP regulations have received a significant amount of criticism. Critics argue that the regulations are incomplete at best and irreparably flawed at worst. The author examines the lessons we can learn from the CIP standards and poses a provocative question: Are the regulations actually a secret success?
Continue reading (log in may be required): http://doi.ieeecomputersociety.org/10.1109/MSP.2014.124
The Author
Ryan Ellis
- Affiliate, Cyber Security Project
- Former Associate, Cyber Security Project
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Analysis & Opinions - The Hill
We Must Sustain America’s Big Tech Engines of Innovation
Analysis & Opinions - Foreign Policy
Why the U.S. Should Not Ban TikTok
Analysis & Opinions - Slate
Everything Is Hackable
In the Spotlight
Most Viewed
Analysis & Opinions - Foreign Policy
America Is Too Scared of the Multipolar World
Analysis & Opinions - Project Syndicate
What Caused the Ukraine War?
Analysis & Opinions - New Straits Times
Gorbachev and the End of the Cold War
