INFOSOC Meeting 3.6. @14:00 – What happened to the Internet security community in Europe’s cybersecurity strategy? Andreas Schmidt, TU-Delft in Sala Belvedere, Villa Schifanoia

Information security is now one of the most lively and important topics in both international relations and public policy debates. News about yet another über-sophisticated attack with potentially or actually devastating effects break news every other day. Policy makers are expected to come up with solutions, policies, and institutional design that help to ensure nothing less than the security of the Internet. Europe’s answer to these challenges is the developing EU draft directive on cybersecurity. These plans contrast with an existing cybersecurity institution that is hardly reflected on in ongoing policy debates. In past large-scale security incidents, the Internet’s somewhat hidden, distributed, and informal global security provider, the Internet security community, has played a pivotal role in responding to such threats. This talk argues that Europe’s cyberstrategy drops the opportunity to innovate on one of the core foundations of democratic governance: security institutions.

Andreas Schmidt researches organisational and political aspects of Internet security at the Faculty of Technology, Policy and Management at Delft University of Technology. He is currently writing up the results of his PhD research project on the role of technical communities in Internet security governance and previous Internet security incidents. Andreas holds a Master degree in Political Science, and Medieval and Contemporary History. Before joining TU Delft, Andreas worked as business consultant with a focus on identity management and enterprise IT security. Recently published or accepted peer-reviewed articles have covered the organisation of Internet security production, the Estonian cyberattacks, networked governance in International Relations, and emerging hybrids of networks and hierarchies.